mirror of https://github.com/opnsense/docs
rearrange diagnostics pages and add some more context
parent
afacb5c329
commit
61e9d6d7d1
@ -1,33 +0,0 @@
|
|||||||
===========
|
|
||||||
Diagnostics
|
|
||||||
===========
|
|
||||||
|
|
||||||
In order to get more insight into your network, and to help solve problems, OPNsense contains several diagnostic tools.
|
|
||||||
|
|
||||||
The tools can be found in three places:
|
|
||||||
|
|
||||||
* :menuselection:`System --> Diagnostics`
|
|
||||||
* :menuselection:`Interfaces --> Diagnostics` (plus one under :menuselection:`Interfaces --> Overview`
|
|
||||||
* :menuselection:`Firewall --> Diagnostics`
|
|
||||||
|
|
||||||
The following tools are available:
|
|
||||||
|
|
||||||
================================================================== ===========================================================================
|
|
||||||
:menuselection:`System --> Diagnostics --> Activity` Show executed commands
|
|
||||||
:menuselection:`System --> Diagnostics --> Services` Shows running services, allows starting/stopping/restarting
|
|
||||||
:menuselection:`Interfaces --> Diagnostics --> ARP Table` Show ARP table, which lists local connected IPv4 peers
|
|
||||||
:menuselection:`Interfaces --> Diagnostics --> DNS Lookup` Easy lookup of IPs and A records that belong to a hostname
|
|
||||||
:menuselection:`Interfaces --> Diagnostics --> NDP Table` Show NDP table, which lists local connected IPv6 peers
|
|
||||||
:menuselection:`Interfaces --> Diagnostics --> Packet capture` Capture packets travelling through an interface
|
|
||||||
:menuselection:`Interfaces --> Diagnostics --> Ping` Ping a hostname or IP address
|
|
||||||
:menuselection:`Interfaces --> Diagnostics --> Port Probe` Test if a host has a certain TCP port open and accepts connections on it
|
|
||||||
:menuselection:`Interfaces --> Diagnostics --> Trace Route` Trace route to a hostname or IP address
|
|
||||||
:menuselection:`Interfaces --> Overview` Shows status, addresses, packet counts, etc. per interface
|
|
||||||
:menuselection:`Firewall --> Diagnostics --> pfInfo` General information and statistics for pf
|
|
||||||
:menuselection:`Firewall --> Diagnostics --> pfTop` Currently active pf states and routes
|
|
||||||
:menuselection:`Firewall --> Diagnostics --> pfTables` Shows IP addresses belonging to aliases
|
|
||||||
:menuselection:`Firewall --> Diagnostics --> Sockets` Shows listening sockets for IPv4 and IPv6
|
|
||||||
:menuselection:`Firewall --> Diagnostics --> States Dump` Currently active states
|
|
||||||
:menuselection:`Firewall --> Diagnostics --> States Reset` Delete active states and source tracking (cancels connections)
|
|
||||||
:menuselection:`Firewall --> Diagnostics --> States Summary` Show states sorted by criteria like source IP, destination IP, …
|
|
||||||
================================================================== ===========================================================================
|
|
@ -0,0 +1,64 @@
|
|||||||
|
===========
|
||||||
|
Diagnostics
|
||||||
|
===========
|
||||||
|
|
||||||
|
-----------------------------------------
|
||||||
|
pfInfo
|
||||||
|
-----------------------------------------
|
||||||
|
|
||||||
|
Various detailed statistics gathered from `pfctl <https://www.freebsd.org/cgi/man.cgi?query=pfctl>`__,
|
||||||
|
such as packet counters per interface, memory limits, configured timeouts and detailed active rules.
|
||||||
|
|
||||||
|
-----------------------------------------
|
||||||
|
pfTop
|
||||||
|
-----------------------------------------
|
||||||
|
|
||||||
|
`pftop <https://www.freebsd.org/cgi/man.cgi?query=pftop>`__ displays the active packetfilter states and rules, and periodically updates this information.
|
||||||
|
|
||||||
|
-----------------------------------------
|
||||||
|
pfTables
|
||||||
|
-----------------------------------------
|
||||||
|
|
||||||
|
Detailed insight into loaded aliases and their content. When an alias has **Statistics** enabled, it will show these
|
||||||
|
too.
|
||||||
|
|
||||||
|
It's also possible to manually adjust the contents, using **Quick add address** or the delete button.
|
||||||
|
|
||||||
|
.. Note::
|
||||||
|
|
||||||
|
When deleting items, keep in mind that the regular update process might put the address (or network) back in, since
|
||||||
|
deletion isn't persistent.
|
||||||
|
|
||||||
|
.. Tip::
|
||||||
|
|
||||||
|
Use "Find references" to check if an address would match any configured aliases, which is very practical for debugging
|
||||||
|
purposes, since it will also check if an address fits a network (such as 10.0.0.2 fits in 10.0.0.0/24).
|
||||||
|
|
||||||
|
|
||||||
|
-----------------------------------------
|
||||||
|
Sockets
|
||||||
|
-----------------------------------------
|
||||||
|
|
||||||
|
Shows listening (or all) sockets for IPv4 and IPv6
|
||||||
|
|
||||||
|
-----------------------------------------
|
||||||
|
States Dump
|
||||||
|
-----------------------------------------
|
||||||
|
|
||||||
|
Insight into the state table (pf), offers the ability to search for specific states and removal.
|
||||||
|
|
||||||
|
-----------------------------------------
|
||||||
|
States Reset
|
||||||
|
-----------------------------------------
|
||||||
|
|
||||||
|
Delete all active states and source tracking (cancels connections)
|
||||||
|
|
||||||
|
.. Warning::
|
||||||
|
|
||||||
|
Handle with care, a state reset will discard all active connections, in which case clients might have to reconnect
|
||||||
|
|
||||||
|
-----------------------------------------
|
||||||
|
States Summary
|
||||||
|
-----------------------------------------
|
||||||
|
|
||||||
|
Show states sorted by criteria like source IP, destination IP, …
|
@ -0,0 +1,75 @@
|
|||||||
|
===========
|
||||||
|
Diagnostics
|
||||||
|
===========
|
||||||
|
|
||||||
|
The interface diagnostics page contains various tools to help debug network issues.
|
||||||
|
|
||||||
|
---------------------
|
||||||
|
ARP Table
|
||||||
|
---------------------
|
||||||
|
|
||||||
|
The `ARP <https://en.wikipedia.org/wiki/Address_Resolution_Protocol>`__ table module shows all MAC addresses known by this firewall.
|
||||||
|
|
||||||
|
==============================================================================================================================================
|
||||||
|
|
||||||
|
=========================== ==================================================================================================================
|
||||||
|
IP IPv4 address
|
||||||
|
MAC `MAC <https://en.wikipedia.org/wiki/MAC_address>`__ address
|
||||||
|
Manufacturer Manufacturer looked up with the mac address above
|
||||||
|
Interface Associated interface
|
||||||
|
Interface name The name of the interface if found
|
||||||
|
Hostname In case of a DHCPv4 client, the hostname when found in the leases file
|
||||||
|
=========================== ==================================================================================================================
|
||||||
|
|
||||||
|
---------------------
|
||||||
|
DNS Lookup
|
||||||
|
---------------------
|
||||||
|
|
||||||
|
Perform a quick dns lookup from the firewall.
|
||||||
|
|
||||||
|
---------------------
|
||||||
|
NDP Table
|
||||||
|
---------------------
|
||||||
|
|
||||||
|
Show addresses learned by the `Neighbor Discovery Protocol <https://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol>`__ for IPv6.
|
||||||
|
|
||||||
|
==============================================================================================================================================
|
||||||
|
|
||||||
|
=========================== ==================================================================================================================
|
||||||
|
IPv6 IPv6 address
|
||||||
|
MAC `MAC <https://en.wikipedia.org/wiki/MAC_address>`__ address
|
||||||
|
Manufacturer Manufacturer looked up with the mac address above
|
||||||
|
Interface Associated interface
|
||||||
|
Interface name The name of the interface if found
|
||||||
|
=========================== ==================================================================================================================
|
||||||
|
|
||||||
|
|
||||||
|
---------------------
|
||||||
|
Packet capture
|
||||||
|
---------------------
|
||||||
|
|
||||||
|
The packet capture module can be used to deep dive into traffic passing a (or multiple) network interfaces.
|
||||||
|
It has some options you can choose from, such as the interface to listen on, protocol you interested in and
|
||||||
|
host to track.
|
||||||
|
|
||||||
|
Packet capture uses `tcpdump <https://www.tcpdump.org/>`__ and runs in the background. After a capture is performed you can
|
||||||
|
either look into it using the **View capture** button or download the pcap file to inspect it in an external tool, such as `Wireshark <https://www.wireshark.org/>`__.
|
||||||
|
|
||||||
|
---------------------
|
||||||
|
Ping
|
||||||
|
---------------------
|
||||||
|
|
||||||
|
Use ping to establish if a remote host can be reached using ICMP.
|
||||||
|
|
||||||
|
---------------------
|
||||||
|
Port Probe
|
||||||
|
---------------------
|
||||||
|
|
||||||
|
Test if a host has a certain TCP port open and accepts connections on it.
|
||||||
|
|
||||||
|
---------------------
|
||||||
|
Trace Route
|
||||||
|
---------------------
|
||||||
|
|
||||||
|
Use `traceroute <https://www.freebsd.org/cgi/man.cgi?query=traceroute>`__ / `traceroute6 <https://www.freebsd.org/cgi/man.cgi?query=traceroute6>`__
|
||||||
|
to measure the path traffic would follow when trying to reach a specific host.
|
@ -0,0 +1,32 @@
|
|||||||
|
===========
|
||||||
|
Diagnostics
|
||||||
|
===========
|
||||||
|
|
||||||
|
-------------------------------
|
||||||
|
Activity
|
||||||
|
-------------------------------
|
||||||
|
|
||||||
|
The activity module shows current active processes and their details, you can search within the list of activities, fetch
|
||||||
|
general information (like load averages, number of processes, etc.) using the info button in the footer of the grid.
|
||||||
|
|
||||||
|
==============================================================================================================================================
|
||||||
|
|
||||||
|
=========================== ==================================================================================================================
|
||||||
|
PID The process id of this process
|
||||||
|
USERNAME Username executed this process
|
||||||
|
PRI Current priority of the process
|
||||||
|
NICE NICE is the `nice <https://en.wikipedia.org/wiki/Nice_(Unix)>`__ amount (in the range -20 to 20)
|
||||||
|
SIZE Total size of the process (text, data, and stack)
|
||||||
|
RES Current amount of resident memory, RAM currently in use by the process
|
||||||
|
C is the processor number on which the process is executing (visible only on SMP systems)
|
||||||
|
TIME The number of system and user cpu seconds that the process has used
|
||||||
|
WCPU Weighted cpu percentage
|
||||||
|
COMMAND Command string
|
||||||
|
=========================== ==================================================================================================================
|
||||||
|
|
||||||
|
|
||||||
|
-------------------------------
|
||||||
|
Services
|
||||||
|
-------------------------------
|
||||||
|
|
||||||
|
The services page shows the configured services and status, you can stop/start/restart all of them here.
|
Loading…
Reference in New Issue