Menü Kapat

Check Point Firewall – Connection Table Analysis

# fw tab -t connections -u > /var/log/connstat_Connections_Table.txt

C:\Users\Windows7\Desktop>connStat.exe -help

Usage: connStat -f
[-a|-c|-s|-r|-l|-p|-d|-n ] -a Show all flags -c Connection state info -s Top X Services used -r Top X Rule used -l Top X Least Used Rules -d Top Clients and Servers -i Interfaces connection directions -p Top Protocols -n Specify X

C:\Users\Windows7\Desktop>connStat.exe -f connstat_Connections_Table.txt -a
Total Number of connections: 2058
============================
Started:        271
Established:    951
Closed:         186
Half Closed:    650

Top 10 Services:
================
Service: 443    Hits: 1101 Rules: 19,4
Service: 80     Hits: 439 Rules: 19,4
Service: 53     Hits: 253 Rules: 17,4,18
Service: 8014   Hits: 105 Rules: 5,12
Service: 5228   Hits: 57 Rules: 19
Service: 25     Hits: 24 Rules: 4,0
Service: 49154  Hits: 12 Rules: 4,12
Service: 3389   Hits: 10 Rules: 5,12
Service: 18192  Hits: 9 Rules: 0
Service: 5223   Hits: 7 Rules: 19

Top 10 Rules:
=============
Rule: 19        Hits: 1573       --this rule should be moved higher--
Rule: 17        Hits: 148
Rule: 04        Hits: 85
Rule: 05        Hits: 74
Rule: 18        Hits: 71
Rule: 12        Hits: 60
Rule: 00        Hits: 38
Rule: 07        Hits: 3
Rule: 03        Hits: 3
Rule: 01        Hits: 3

Top 10 Least Used Rules:
========================
Rule: 01        Hits: 3
Rule: 03        Hits: 3
Rule: 07        Hits: 3
Rule: 00        Hits: 38
Rule: 12        Hits: 60
Rule: 18        Hits: 71
Rule: 05        Hits: 74
Rule: 04        Hits: 85
Rule: 17        Hits: 148
Rule: 19        Hits: 1573

Top 10 Clients:
===============
Client: x.x.x.x     Hits: 184
Client: x.x.x.x    Hits: 158
Client: x.x.x.x      Hits: 150
Client: x.x.x.x    Hits: 117
Client: x.x.x.x    Hits: 99
Client: x.x.x.x    Hits: 89
Client: x.x.x.x    Hits: 82
Client: x.x.x.x    Hits: 68
Client: x.x.x.x     Hits: 66
Client: x.x.x.x    Hits: 63

Top 10 Servers:
===============
Server: x.x.x.x   Hits: 179
Server: x.x.x.x     Hits: 105
Server: x.x.x.x  Hits: 89
Server: x.x.x.x      Hits: 44
Server: x.x.x.x   Hits: 40
Server: x.x.x.x   Hits: 38
Server: x.x.x.x   Hits: 28
Server: x.x.x.x    Hits: 24
Server: x.x.x.x  Hits: 23
Server: x.x.x.x      Hits: 23

Interface Directions (fw ctl if list):
======================================
IF direction: in 06,06 -> out 01,01     Hits: 836
IF direction: in 02,02 -> out 05,05     Hits: 792
IF direction: in 02,02 -> out 05,01     Hits: 176
IF direction: in 01,01 -> out 06,06     Hits: 77
IF direction: in 04,04 -> out 06,06     Hits: 50
IF direction: in 00,00 -> out 01,01     Hits: 36
IF direction: in 00,00 -> out 06,06     Hits: 34
IF direction: in 01,01 -> out 00,00     Hits: 23
IF direction: in 06,06 -> out 04,04     Hits: 16
IF direction: in 06,00 -> out 00,01     Hits: 7

Top Protocols:
==============
Protocol: tcp   Hits: 1793
Protocol: udp   Hits: 265

2 Comments

  1. Ronnie Guthrie

    Quick question – at what position does ‘Rule: 00’ exist in the rulebase? Does this mean ‘Rule: 00’ is actually rule #1 etc.?

Bir cevap yazın

E-posta hesabınız yayımlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir