You will have to run tcpdumps or fw monitors on both firewalls and try to piece together the flow of the connection.
On 9/12/07, cisco4ng <[EMAIL PROTECTED]> wrote: > > I have a scenario: > > hostX is a linux server sitting behind a pair of SPLAT > firewall NG-AI R55 with HFA_20 running ClusterXL > in Active/Active load-sharing unicast mode. The > lost is 30% for the Pivot mode member and 70% > for the non-pivot member > > hostY sits outside the firewall and trying to download > files 100GB via Secure Copy (SCP aka SSH) from > hostX. I am seeing scp traffics going across both > firewalls. > > I am trying to run tcpdump to capture this scp > traffics. Does it mean I need to run tcpdump > on both firewalls or just one to capture this > traffics? Furthermore, once I am done capturing > the traffics, how am I going to merge the tcpdump > traffics in order analyze them? I am doing this > by writing the tcpdump into a .cap file and view > it with wireshark. > > My question is that when doing Active/Active, > how do you go about running tcpdump and > accurately capture the traffics as described > above? > > thanks in advance. > > > --------------------------------- > Pinpoint customers who are looking for what you sell. > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
