
How to use fw monitor in Check Point

Updated: Jan 20


fw monitor is a powerful command for troubleshooting and analyzing packets.

I will explain some examples of fw monitor.

 

Run the command below from expert mode. It shows packets with IP 192.168.2.2 as source or destination.

fw# fw monitor -e 'accept host(192.168.2.2);'

 

fw monitor marks each captured packet with one of four inspection points (i, I, o, O):

i - Before the FireWall Virtual Machine, in the inbound direction – Pre-Inbound – marked as i 

I - After the FireWall Virtual Machine, in the inbound direction – Post-Inbound – marked as I

o - Before the FireWall Virtual Machine, in the outbound direction – Pre-Outbound – marked as o

O - After the FireWall Virtual Machine, in the outbound direction – Post-Outbound – marked as O
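
An added example, not part of the original post: a small Python parser that groups fw monitor text output by packet and reports the furthest of the four inspection points (i, I, o, O) each packet reached. The sample lines are constructed, and the line layout (iface:point[len]: src -> dst (PROTO) len=N id=N) is an assumption about the text output; adjust the regular expression to match what your gateway prints.

```python
import re

# Constructed sample. Assumed line layout: iface:point[len]: src -> dst (PROTO) len=N id=N
SAMPLE = """\
[vs_0][fw_1] eth1:i[60]: 192.168.2.2 -> 10.1.1.10 (TCP) len=60 id=4101
TCP: 51000 -> 80 .S.... seq=1a2b3c4d ack=00000000
[vs_0][fw_1] eth1:I[60]: 192.168.2.2 -> 10.1.1.10 (TCP) len=60 id=4101
[vs_0][fw_1] eth2:o[60]: 192.168.2.2 -> 10.1.1.10 (TCP) len=60 id=4101
[vs_0][fw_1] eth2:O[60]: 192.168.2.2 -> 10.1.1.10 (TCP) len=60 id=4101
[vs_0][fw_1] eth1:i[60]: 192.168.2.2 -> 10.1.1.20 (TCP) len=60 id=4102
"""

LINE = re.compile(
    r"(?P<iface>[\w.\-]+):(?P<point>[iIoO])\[\d+\]:\s+"
    r"(?P<src>\S+) -> (?P<dst>\S+) \((?P<proto>\w+)\) len=\d+ id=(?P<id>\d+)"
)
ORDER = "iIoO"  # pre-inbound, post-inbound, pre-outbound, post-outbound

def trace(text):
    """Group IP header lines by (protocol, IP id); list the points seen."""
    packets = {}
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:          # transport detail lines ("TCP: ...") are skipped
            continue
        # Addresses are kept out of the key: NAT may rewrite them between points.
        key = (m["proto"], int(m["id"]))
        pkt = packets.setdefault(
            key, {"first_seen": f'{m["src"]} -> {m["dst"]}', "points": []})
        pkt["points"].append(m["point"])
    return packets

def stopped_early(text):
    """Packets never seen at O, mapped to the furthest point they reached."""
    return {key: max(pkt["points"], key=ORDER.index)
            for key, pkt in trace(text).items() if "O" not in pkt["points"]}

if __name__ == "__main__":
    for key, pkt in trace(SAMPLE).items():
        print(key, pkt["first_seen"], "".join(pkt["points"]))
    print("stopped early:", stopped_early(SAMPLE))
```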


fw monitor -e "accept src=xx.xx.xx.xx;"

-----------------------------------------------------------

 

Write output to file [-o ]

fw monitor -o monitor.pcap -e "accept src=xx.xx.xx.xx;"

Capturing all traffic to or from a host
fw monitor -e "accept src=xx.xx.xx.xx or dst=xx.xx.xx.xx;"

Capture HTTP traffic
fw monitor -e "accept sport=80 or dport=80;"

View traffic for virtual system with ID . Attn: with fw monitor use -v instead of -vs
fw monitor -v  -e 'accept;'

Capture web traffic for VSX virtual system ID 3
fw monitor -v 3 -e 'accept tcpport(80);'



