RE: [FW1] License
Yes, it can be a problem, as it always does a reverse DNS lookup on both the internal host counted and on the other host this internal host attempted to connect to. But even if it is long, it finishes by counting all of them.

To have only the internal addresses displayed in hex notation you can try:

FW TAB -t host_table -u

In my case I wrote a small program to convert those to dot notation IP addresses.

In my case it gives, with a long time for entries without a reverse mapping answer:

C:\cp\fw1\4.1\bin>fw lichosts
EMPC 25/9/2001 8:39> host:1.42.168.192 src:192.168.42.1 dst:255.255.255.255 proto:udp sport:2301 dport:2301
EMPC 25/9/2001 8:39> host:6.42.236.205 src:205.236.42.6(sogi-1.Sogi.com) dst:18.145.0.30(NAVOBS1.MIT.EDU) proto:udp sport:ntp-udp dport:ntp-udp
EMPC 25/9/2001 8:39> host:100.1.28.172 src:172.28.1.100(gps.horpers.sogi) dst:10.1.1.6 proto:udp sport:ntp-udp dport:ntp-udp
EMPC 25/9/2001 8:39> host:8.42.236.205 src:205.236.42.8(dns.Sogi.com) dst:255.255.255.255 proto:udp sport:2301 dport:2301
EMPC 25/9/2001 8:39> host:7.42.236.205 src:205.236.42.7(dns.Sogi.com) dst:255.255.255.255 proto:udp sport:2301 dport:2301
EMPC 25/9/2001 8:43> host:204.1.28.172 src:172.28.1.204 dst:172.16.32.2(fw-sogi.horpers.sogi) proto:icmp
EMPC 25/9/2001 8:44> host:176.42.236.205 src:205.236.42.176(ras-gw.Sogi.com) dst:205.242.216.233 proto:udp sport:nbname dport:nbname
EMPC 25/9/2001 8:45> host:114.42.236.205 src:205.236.42.114(r14.Sogi.com) dst:255.255.255.255 proto:udp sport:4600 dport:4000
EMPC 25/9/2001 9:20> host:112.42.236.205 src:205.236.42.112 dst:198.82.162.213(lennier.cc.vt.edu) proto:udp sport:1222 dport:ntp-udp
EMPC 25/9/2001 10:0> host:4.42.236.205 src:205.236.42.4(sogi-2000.Sogi.com) dst:141.202.215.12 proto:tcp sport:3818 dport:ftp
EMPC 25/9/2001 10:4> host:110.42.236.205 src:205.236.42.110(r10.Sogi.com) dst:255.255.255.255 proto:udp sport:4600 dport:4000
EMPC 25/9/2001 10:5> host:108.42.236.205 src:205.236.42.108(r8.Sogi.com) dst:255.255.255.255 proto:udp sport:4600 dport:4000
EMPC 25/9/2001 10:32> host:103.42.236.205 src:205.236.42.103(r3.Sogi.com) dst:207.188.7.85(chanmsgrr1.real.com) proto:tcp sport:1044 dport:http
EMPC 25/9/2001 10:49> host:111.42.236.205 src:205.236.42.111(r11.Sogi.com) dst:64.4.13.39(msgr-ns10.msgr.hotmail.com) proto:tcp sport:1031 dport:1863
EMPC 25/9/2001 11:8> host:101.42.236.205 src:205.236.42.101(r1.Sogi.com) dst:142.195.192.35 proto:tcp sport:1065 dport:http
EMPC 25/9/2001 12:2> host:120.42.236.205 src:205.236.42.120(r20.Sogi.com) dst:205.236.42.254(sogi-fw.Sogi.com) <Deleted>
EMPC 25/9/2001 12:2> host:1.42.236.205 src:205.236.42.1(dns.Sogi.com) dst:205.236.42.254(sogi-fw.Sogi.com) <Deleted>
EMPC 25/9/2001 12:3> host:2.42.236.205 src:205.236.42.2(dns.Sogi.com) dst:255.255.255.255 proto:udp sport:2301 dport:2301
EMPC 25/9/2001 12:9> host:222.10.168.192 src:192.168.10.222 dst:10.1.1.254 proto:icmp
EMPC 25/9/2001 12:9> host:202.10.168.192 src:192.168.10.202 dst:10.1.1.254 proto:icmp
EMPC 25/9/2001 12:9> host:100.1.22.172 src:172.22.1.100 dst:10.1.1.254 proto:icmp
EMPC 25/9/2001 12:10> host:109.42.236.205 src:205.236.42.109(r9.Sogi.com) dst:64.4.13.35(msgr-ns6.msgr.hotmail.com) proto:tcp sport:1058 dport:1863
EMPC 25/9/2001 12:13> host:107.42.236.205 src:205.236.42.107(r7.Sogi.com) dst:195.68.87.170(ganymede.imaginet.fr) proto:tcp sport:1439 dport:http
EMPC 25/9/2001 12:58> host:118.42.236.205 src:205.236.42.118(r18.Sogi.com) dst:205.237.71.6 proto:tcp sport:4017 dport:http
EMPC 25/9/2001 12:59> host:116.42.236.205 src:205.236.42.116(r16.Sogi.com) dst:255.255.255.255 proto:udp sport:4600 dport:4000
EMPC 25/9/2001 13:5> host:104.42.236.205 src:205.236.42.104(r4.Sogi.com) dst:255.255.255.255 proto:udp sport:4000 dport:4242
EMPC 25/9/2001 13:24> host:106.42.236.205 src:205.236.42.106(r6.Sogi.com) dst:255.255.255.255 proto:udp sport:4000 dport:4242
EMPC 25/9/2001 14:50> host:3.42.236.205 src:205.236.42.3(sogi-3.Sogi.com) dst:205.236.42.254(sogi-fw.Sogi.com) <Deleted>
EMPC 25/9/2001 16:58> host:226.42.236.205 src:205.236.42.226(dhcp3.Sogi.com) dst:205.189.240.23(www.tse.com) proto:tcp sport:1110 dport:http
EMPC 26/9/2001 14:1> host:227.42.236.205 src:205.236.42.227(dhcp4.Sogi.com) dst:207.68.172.246(msn.com) proto:tcp sport:1027 dport:http
EMPC 27/9/2001 9:32> host:202.42.236.205 src:205.236.42.202(e2.Sogi.com) dst:255.255.255.255 <Deleted>
EMPC 27/9/2001 11:41> host:210.42.236.205 src:205.236.42.210(e10.MNI.Sogi.com) dst:195.126.141.189(mail3.mailmotions.de) proto:tcp sport:1803 dport:http
EMPC 27/9/2001 12:7> host:205.1.22.172 src:172.22.1.205 dst:10.1.1.120 proto:tcp sport:2068 dport:1604
EMPC 27/9/2001 14:31> host:101.1.22.172 src:172.22.1.101 dst:10.1.1.120 proto:icmp
EMPC 27/9/2001 14:32> host:1.32.16.172 src:172.16.32.1(catalyst.horpers.sogi) dst:10.1.1.120 proto:icmp
EMPC 28/9/2001 9:0> host:212.42.236.205 src:205.236.42.212(e12.MNI.Sogi.com) dst:205.151.68.199(tucows.rapidus.net) proto:tcp sport:3085 dport:http
EMPC 28/9/2001 10:59> host:2.1.16.172 src:172.16.1.2 dst:172.16.32.2(fw-sogi.horpers.sogi) proto:icmp
EMPC 28/9/2001 11:3> host:200.1.18.172 src:172.18.1.200 dst:10.1.1.120 proto:tcp sport:nbsession dport:4314
EMPC 28/9/2001 15:23> host:151.42.236.205 src:205.236.42.151(E500.Sogi.com) dst:255.255.255.255 proto:udp sport:2301 dport:2301
EMPC 28/9/2001 17:9> host:50.42.236.205 src:205.236.42.50(Sevy.Sogi.com) dst:192.26.210.18(news.risq.qc.ca) proto:tcp sport:63360 dport:nntp
EMPC 1/10/2001 3:58> host:105.42.236.205 src:205.236.42.105(r5.Sogi.com) dst:128.32.18.166(sagan.ssl.berkeley.edu) proto:tcp sport:1180 dport:http
EMPC 2/10/2001 12:12> host:1.1.168.192 src:192.168.1.1 dst:205.236.42.254(sogi-fw.Sogi.com) proto:udp sport:nbname dport:nbname
EMPC 2/10/2001 12:12> host:228.42.236.205 src:205.236.42.228(dhcp5.Sogi.com) dst:205.236.42.254(sogi-fw.Sogi.com) <Deleted>
EMPC 4/10/2001 9:39> host:119.42.236.205 src:205.236.42.119(r19.Sogi.com) dst:255.255.255.255 proto:udp sport:4600 dport:4000

It doesn't show on which interface it saw the address (EMPCI1 - EMPCI4 in my case) as it truncates it to EMPC...

The two fw tab commands don't have any delays:

C:\cp\fw1\4.1\bin>fw tab -t host_table -s
HOST       NAME        ID    #VALS
localhost  host_table  8185  44

C:\cp\fw1\4.1\bin>fw tab -t host_table -u
localhost:
-------- host_table --------
attributes: never, keep
cdec2a32 cdec2a01 cdec2a03 cdec2a02 cdec2a04 cdec2a07 cdec2a06 cdec2a08
cdec2a65 cdec2a67 cdec2a69 cdec2a68 cdec2a6b cdec2a6a cdec2a6d cdec2a6c
cdec2a6f cdec2a6e cdec2a70 cdec2a72 cdec2a74 cdec2a77 cdec2a76 cdec2a78
c0a80101 ac1201c8 ac1601cd ac1c01cc cdec2ab0 cdec2a97 ac100102 cdec2ae3
cdec2ae2 cdec2ae4 ac1c0164 ac120166 ac160164 ac160165 cdec2aca cdec2ad2
cdec2ad4 c0a82a01 c0a80aca c0a80ade ac102001

At 10:05 2001-10-05 +0200, Reed Mohn, Anders wrote:
>
>
>> To know the detail (Which IP, since When, etc):
>>
>> FW LICHOSTS
>
>
>This never works for me, it only shows one or two addresses,
>then quits.
>Do you have any idea why it does that?
>
>It seems to me, from the delay in printing the addresses,
>that it might be performing some kind of DNS-lookup, which
>I don't allow from the FW. Could this be a problem?
>
>Cheers,
>Anders :)
>
>

------------------------------------------------------------
Yves Belle-Isle V.P.      VE2YBI YB17      Email: [email protected]
Responsable des Systemes                   Tel:
Sogi Informatique Ltee.                    Fax:
------------------------------------------------------------
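The hex-to-dotted conversion mentioned in the reply above, as an added example (this is not the poster's program). It also cross-checks the converted host_table entries against the src: addresses in lichosts output, which shows what lichosts left out without triggering any DNS lookups. It assumes each host_table entry is an IPv4 address written as 8 hex digits in network byte order, as the cdec2a.. values and the 205.236.42.x addresses in the post suggest; the sample inputs are short excerpts of the outputs shown in the post.

```python
import ipaddress
import re

# Excerpt of `fw tab -t host_table -u` output from the post (a few entries only).
HOST_TABLE_OUTPUT = """\
localhost:
-------- host_table --------
attributes: never, keep
cdec2a32 cdec2a01 c0a80101 ac120166
"""

# Excerpt of `fw lichosts` output from the post (a few entries only).
LICHOSTS_OUTPUT = """\
EMPC 28/9/2001 17:9> host:50.42.236.205 src:205.236.42.50(Sevy.Sogi.com) dst:192.26.210.18(news.risq.qc.ca) proto:tcp sport:63360 dport:nntp
EMPC 25/9/2001 12:2> host:1.42.236.205 src:205.236.42.1(dns.Sogi.com) dst:205.236.42.254(sogi-fw.Sogi.com) <Deleted>
EMPC 2/10/2001 12:12> host:1.1.168.192 src:192.168.1.1 dst:205.236.42.254(sogi-fw.Sogi.com) proto:udp sport:nbname dport:nbname
"""

HEX_ENTRY = re.compile(r"[0-9a-fA-F]{8}")
LICHOSTS_LINE = re.compile(r"host:(\d+(?:\.\d+){3})\s+src:(\d+(?:\.\d+){3})")


def host_table_addresses(text):
    """Dotted-quad form of every 8-hex-digit entry (assumed network byte order)."""
    return [str(ipaddress.IPv4Address(int(tok, 16)))
            for tok in text.split() if HEX_ENTRY.fullmatch(tok)]


def lichosts_sources(text):
    """Counted internal addresses (src:) from lichosts output, no DNS involved."""
    sources = []
    for host, src in LICHOSTS_LINE.findall(text):
        # In the post's output, host: is the src address with its octets reversed.
        if ".".join(reversed(host.split("."))) != src:
            raise ValueError(f"host:{host} is not the reverse of src:{src}")
        sources.append(src)
    return sources


def not_reported(table_text, lichosts_text):
    """Addresses in host_table that lichosts did not list (e.g. it quit early)."""
    reported = set(lichosts_sources(lichosts_text))
    return [a for a in host_table_addresses(table_text) if a not in reported]


if __name__ == "__main__":
    for addr in host_table_addresses(HOST_TABLE_OUTPUT):
        print(addr)
    print("not in lichosts:", not_reported(HOST_TABLE_OUTPUT, LICHOSTS_OUTPUT))
```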