mirror of https://github.com/opnsense/docs
rearrange diagnostics pages and add some more context
parent
afacb5c329
commit
61e9d6d7d1
@ -1,33 +0,0 @@
|
||||
===========
|
||||
Diagnostics
|
||||
===========
|
||||
|
||||
In order to get more insight into your network, and to help solve problems, OPNsense contains several diagnostic tools.
|
||||
|
||||
The tools can be found in three places:
|
||||
|
||||
* :menuselection:`System --> Diagnostics`
|
||||
* :menuselection:`Interfaces --> Diagnostics` (plus one under :menuselection:`Interfaces --> Overview`
|
||||
* :menuselection:`Firewall --> Diagnostics`
|
||||
|
||||
The following tools are available:
|
||||
|
||||
================================================================== ===========================================================================
|
||||
:menuselection:`System --> Diagnostics --> Activity` Show executed commands
|
||||
:menuselection:`System --> Diagnostics --> Services` Shows running services, allows starting/stopping/restarting
|
||||
:menuselection:`Interfaces --> Diagnostics --> ARP Table` Show ARP table, which lists local connected IPv4 peers
|
||||
:menuselection:`Interfaces --> Diagnostics --> DNS Lookup` Easy lookup of IPs and A records that belong to a hostname
|
||||
:menuselection:`Interfaces --> Diagnostics --> NDP Table` Show NDP table, which lists local connected IPv6 peers
|
||||
:menuselection:`Interfaces --> Diagnostics --> Packet capture` Capture packets travelling through an interface
|
||||
:menuselection:`Interfaces --> Diagnostics --> Ping` Ping a hostname or IP address
|
||||
:menuselection:`Interfaces --> Diagnostics --> Port Probe` Test if a host has a certain TCP port open and accepts connections on it
|
||||
:menuselection:`Interfaces --> Diagnostics --> Trace Route` Trace route to a hostname or IP address
|
||||
:menuselection:`Interfaces --> Overview` Shows status, addresses, packet counts, etc. per interface
|
||||
:menuselection:`Firewall --> Diagnostics --> pfInfo` General information and statistics for pf
|
||||
:menuselection:`Firewall --> Diagnostics --> pfTop` Currently active pf states and routes
|
||||
:menuselection:`Firewall --> Diagnostics --> pfTables` Shows IP addresses belonging to aliases
|
||||
:menuselection:`Firewall --> Diagnostics --> Sockets` Shows listening sockets for IPv4 and IPv6
|
||||
:menuselection:`Firewall --> Diagnostics --> States Dump` Currently active states
|
||||
:menuselection:`Firewall --> Diagnostics --> States Reset` Delete active states and source tracking (cancels connections)
|
||||
:menuselection:`Firewall --> Diagnostics --> States Summary` Show states sorted by criteria like source IP, destination IP, …
|
||||
================================================================== ===========================================================================
|
@ -0,0 +1,64 @@
|
||||
===========
|
||||
Diagnostics
|
||||
===========
|
||||
|
||||
-----------------------------------------
|
||||
pfInfo
|
||||
-----------------------------------------
|
||||
|
||||
Various detailed statistics gathered from `pfctl <https://www.freebsd.org/cgi/man.cgi?query=pfctl>`__,
|
||||
such as packet counters per interface, memory limits, configured timeouts and detailed active rules.
|
||||
|
||||
-----------------------------------------
|
||||
pfTop
|
||||
-----------------------------------------
|
||||
|
||||
`pftop <https://www.freebsd.org/cgi/man.cgi?query=pftop>`__ displays the active packetfilter states and rules, and periodically updates this information.
|
||||
|
||||
-----------------------------------------
|
||||
pfTables
|
||||
-----------------------------------------
|
||||
|
||||
Detailed insight into loaded aliases and their content. When an alias has **Statistics** enabled, it will show these
|
||||
too.
|
||||
|
||||
It's also possible to manually adjust the contents, using **Quick add address** or the delete button.
|
||||
|
||||
.. Note::
|
||||
|
||||
When deleting items, keep in mind that the regular update process might put the address (or network) back in, since
|
||||
deletion isn't persistent.
|
||||
|
||||
.. Tip::
|
||||
|
||||
Use "Find references" to check if an address would match any configured aliases, which is very practical for debugging
|
||||
purposes, since it will also check if an address fits a network (such as 10.0.0.2 fits in 10.0.0.0/24).
|
||||
|
||||
|
||||
-----------------------------------------
|
||||
Sockets
|
||||
-----------------------------------------
|
||||
|
||||
Shows listening (or all) sockets for IPv4 and IPv6
|
||||
|
||||
-----------------------------------------
|
||||
States Dump
|
||||
-----------------------------------------
|
||||
|
||||
Insight into the state table (pf), offers the ability to search for specific states and removal.
|
||||
|
||||
-----------------------------------------
|
||||
States Reset
|
||||
-----------------------------------------
|
||||
|
||||
Delete all active states and source tracking (cancels connections)
|
||||
|
||||
.. Warning::
|
||||
|
||||
Handle with care, a state reset will discard all active connections, in which case clients might have to reconnect
|
||||
|
||||
-----------------------------------------
|
||||
States Summary
|
||||
-----------------------------------------
|
||||
|
||||
Show states sorted by criteria like source IP, destination IP, …
|
@ -0,0 +1,75 @@
|
||||
===========
|
||||
Diagnostics
|
||||
===========
|
||||
|
||||
The interface diagnostics page contains various tools to help debug network issues.
|
||||
|
||||
---------------------
|
||||
ARP Table
|
||||
---------------------
|
||||
|
||||
The `ARP <https://en.wikipedia.org/wiki/Address_Resolution_Protocol>`__ table module shows all MAC addresses known by this firewall.
|
||||
|
||||
==============================================================================================================================================
|
||||
|
||||
=========================== ==================================================================================================================
|
||||
IP IPv4 address
|
||||
MAC `MAC <https://en.wikipedia.org/wiki/MAC_address>`__ address
|
||||
Manufacturer Manufacturer looked up with the mac address above
|
||||
Interface Associated interface
|
||||
Interface name The name of the interface if found
|
||||
Hostname In case of a DHCPv4 client, the hostname when found in the leases file
|
||||
=========================== ==================================================================================================================
|
||||
|
||||
---------------------
|
||||
DNS Lookup
|
||||
---------------------
|
||||
|
||||
Perform a quick dns lookup from the firewall.
|
||||
|
||||
---------------------
|
||||
NDP Table
|
||||
---------------------
|
||||
|
||||
Show addresses learned by the `Neighbor Discovery Protocol <https://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol>`__ for IPv6.
|
||||
|
||||
==============================================================================================================================================
|
||||
|
||||
=========================== ==================================================================================================================
|
||||
IPv6 IPv6 address
|
||||
MAC `MAC <https://en.wikipedia.org/wiki/MAC_address>`__ address
|
||||
Manufacturer Manufacturer looked up with the mac address above
|
||||
Interface Associated interface
|
||||
Interface name The name of the interface if found
|
||||
=========================== ==================================================================================================================
|
||||
|
||||
|
||||
---------------------
|
||||
Packet capture
|
||||
---------------------
|
||||
|
||||
The packet capture module can be used to deep dive into traffic passing a (or multiple) network interfaces.
|
||||
It has some options you can choose from, such as the interface to listen on, protocol you interested in and
|
||||
host to track.
|
||||
|
||||
Packet capture uses `tcpdump <https://www.tcpdump.org/>`__ and runs in the background. After a capture is performed you can
|
||||
either look into it using the **View capture** button or download the pcap file to inspect it in an external tool, such as `Wireshark <https://www.wireshark.org/>`__.
|
||||
|
||||
---------------------
|
||||
Ping
|
||||
---------------------
|
||||
|
||||
Use ping to establish if a remote host can be reached using ICMP.
|
||||
|
||||
---------------------
|
||||
Port Probe
|
||||
---------------------
|
||||
|
||||
Test if a host has a certain TCP port open and accepts connections on it.
|
||||
|
||||
---------------------
|
||||
Trace Route
|
||||
---------------------
|
||||
|
||||
Use `traceroute <https://www.freebsd.org/cgi/man.cgi?query=traceroute>`__ / `traceroute6 <https://www.freebsd.org/cgi/man.cgi?query=traceroute6>`__
|
||||
to measure the path traffic would follow when trying to reach a specific host.
|
@ -0,0 +1,32 @@
|
||||
===========
|
||||
Diagnostics
|
||||
===========
|
||||
|
||||
-------------------------------
|
||||
Activity
|
||||
-------------------------------
|
||||
|
||||
The activity module shows current active processes and their details, you can search within the list of activities, fetch
|
||||
general information (like load averages, number of processes, etc.) using the info button in the footer of the grid.
|
||||
|
||||
==============================================================================================================================================
|
||||
|
||||
=========================== ==================================================================================================================
|
||||
PID The process id of this process
|
||||
USERNAME Username executed this process
|
||||
PRI Current priority of the process
|
||||
NICE NICE is the `nice <https://en.wikipedia.org/wiki/Nice_(Unix)>`__ amount (in the range -20 to 20)
|
||||
SIZE Total size of the process (text, data, and stack)
|
||||
RES Current amount of resident memory, RAM currently in use by the process
|
||||
C is the processor number on which the process is executing (visible only on SMP systems)
|
||||
TIME The number of system and user cpu seconds that the process has used
|
||||
WCPU Weighted cpu percentage
|
||||
COMMAND Command string
|
||||
=========================== ==================================================================================================================
|
||||
|
||||
|
||||
-------------------------------
|
||||
Services
|
||||
-------------------------------
|
||||
|
||||
The services page shows the configured services and status, you can stop/start/restart all of them here.
|
Loading…
Reference in New Issue