Diagnostics
The interface diagnostics page contains various tools to help debug network issues.
ARP Table
The ARP table module shows all MAC addresses known by this firewall.
IP |
IPv4 address |
MAC |
MAC address |
Manufacturer |
Manufacturer looked up with the mac address above |
Interface |
Associated interface |
Interface name |
The name of the interface if found |
Hostname |
In case of a DHCPv4 client, the hostname when found in the leases file |
DNS Lookup
Perform a quick dns lookup from the firewall.
NDP Table
Show addresses learned by the Neighbor Discovery Protocol for IPv6.
IPv6 |
IPv6 address |
MAC |
MAC address |
Manufacturer |
Manufacturer looked up with the mac address above |
Interface |
Associated interface |
Interface name |
The name of the interface if found |
Netstat
The netstat module contains a useful set of network status and statistics metrics, which are split into a number of topics.
Tip
Use the refresh icon in the tab to refresh the data in it (selection won't change).In order of relevance you can find the following information here:
Interfaces
This section contains all (physical and virtual) attached interfaces to the system containing metrics like the number of packets and bytes send- and received per (hardware) address.
Protocol
Contains system wide statistics for each network protocol. Examples of statistics that can be found in this region are the number of tcp listening connections, sent packets, duplicate packets, etc, etc.
Sockets
Displays network and unix domain sockets, this basically combines netstat with sockstat on FreeBSD
in order to provide insights into which process is listening were combined with metrics known by the system.
Netisr
Show statistics from the kernel network dispatch service, known as netisr(9).
Memory
Show statistics recorded by the memory management routines (mbuf(9)).
The network manages a private pool of memory buffers.
Bpf
Show statistics about bpf(4) peers.
This includes information like how many packets have been matched, dropped and received by the bpf device,
also information about current buffer sizes and device states.
Packet capture
The packet capture module can be used to deep dive into traffic passing a (or multiple) network interfaces. It has some options you can choose from, which are detailed below.
Interface |
List of interfaces to start a capture on. A tcpdump process is started on each selected interface |
Promiscuous |
When set, the system will capture all traffic present on the interface in stead of the traffic heading to the firewall. |
Address Family |
Capture IPv4, IPv6 or both |
Invert Protocol |
Select all but the protocol selected below |
Protocol |
The protocol to filter on |
Host Address |
This value is either the Source or Destination IP/MAC address or subnet in CIDR notation.
The packet capture will look for this address in either field.
Matching can be negated by preceding the value with “ |
Invert Port |
Select all but the port selected below |
Port |
Port number to filter on (e.g. |
Packet Length |
The Packet length is the number of bytes of each packet that will be captured. Default value is 0, which will capture the entire frame regardless of its size. |
Count |
This is the number of packets the packet capture will grab (per selected interface). Default value is 100. Enter 0 (zero) for no count limit. |
Description |
Description to be displayed in “jobs” tab |
Packet capture uses tcpdump and runs in the background. After a capture is performed you can either look into it using the View capture button in the jobs tab or download the pcap file(s) to inspect it in an external tool, such as Wireshark.
The jobs tab contains all running or executed captures, the following options are available per capture job:
- Shows the capture is currently active
- Remove capture (stops capture when currently active)
- Stop the current capture
- (Re)starts the current capture, removes previous results when executed before
- Download a zip file containing all captured pcap files and a json file with selected options
- View capture in high detail
- View capture in medium detail
- View capture in standard detail
Tip
All view buttons can be used when the capture is still active, they will just show the details collected until now.
Ping
Use ping to establish if a remote host can be reached using ICMP echo requests. It’s one of the most used tools to validate basic connectivity.
Hostname or IP |
Hostname or IP address to send the icmp packet too |
Address Family |
Send using IPv4 or IPv6 |
Source address |
Source address to use, can be any address configured on this firewall |
Packet size |
Specify the number of data bytes to be sent. Keep in mind this is the payload size, an IP and ICMP header are added. |
Do not fragment |
Set DF bit. |
Description |
Description to be displayed in “jobs” tab |
Tip
To locate MTU (Maximum transmission unit) issues, use the “Do not fragment” option to force a packet of certain size to travel the network
Tip
When the default ping is not able to reach the target, but one with a preset source address is, one usally needs to add a static route to force traffic using the correct source address. This is for example common for IPsec policy based tunnels which install a kernel trap on the specified source network.
The jobs tab contains all running or executed pings, the following options and properties are available per job:
- Shows the ping is currently active
- Remove ping (stops capture when currently active)
- Stop the current ping
- (Re)starts the current ping, removes previous results when executed before
description |
Job description |
hostname |
Target hostname or ip address |
source_address |
Source address (default empty) |
send |
Number of packets send |
received |
Number of packets received |
min |
min time to live (ms) |
max |
max time to live (ms) |
avg |
average time to live (ms) |
loss |
loss percentage |
last_error |
last found ping error |
Port Probe
Test if a host has a certain TCP port open and accepts connections on it.
Trace Route
Use traceroute / traceroute6 to measure the path traffic would follow when trying to reach a specific host.
Hostname or IP |
Target hostname or ip address |
Address Family |
Address family to use |
Protocol |
Protocol to use for the trace, by default UDP is used, if this doesn’t work, ICMP is available as alternative |
Source address |
Source address (default empty) |
Tip
The result grid also contains the autonomous system number which can be practical if you want to filter traffic to or from a specific party. Use to collect the associated networks and add them in rules.