Deep Security 9.0
To perform packet tracing, the Agentless environment should already be fully functional. This means you have prepared the ESXi host and activated the Deep Security Virtual Appliance (DSVA) and VMs.
To enable packet tracing:
- Activate a VM protected by DSVA. For example: Windows 7 (64-bit).
- Using an SSH application such as PuTTY, establish an SSH connection to the ESXi host.
- Once connected, execute this command:
tail -f /var/log/vmkernel.log | grep dvfilter
- Log in to the DSVA via CLI by pressing ALT + F2.
- Navigate to this directory:
/var/opt/ds_agent/guests/<UUID>
- Execute this command:
/opt/ds_guest_agent/ratt guest pkt_trace
- Go back to the PuTTY session on the ESXi host.
A trace output similar to the following will appear in the console of the ESXi host:
2013-04-19T13:37:52.840Z cpu15:2063)dvfilter-dsa: vpkt_dump: --BYPNC--[dom:3999995] I (IPv6:UDP[17]) [fe80:0:0:0:d8a1:6893:35e7:6636] --> [ff02:0:0:0:0:0:0:c] mlen:179, flen: 179 C
2013-04-19T13:37:52.840Z cpu15:2063)dvfilter-dsa: vpkt_dump: --BYPNC--[dom:3999995] I (IP4|UDP|151|20)10.203.136.164-->239.255.255.250 mlen:165,flen:165 C
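One way to turn trace lines like the two above into per-flow packet counts, as an added example that is not part of the original article or of Deep Security itself. The regular expression is inferred only from those two sample lines, and the names `parse_vpkt_line` and `summarize` are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Pattern inferred only from the two sample lines on this page (assumption);
# lines in any other layout are skipped rather than guessed at.
VPKT_RE = re.compile(
    r"^(?P<ts>\S+)\s+cpu\d+:\d+\)dvfilter-dsa: vpkt_dump: "
    r"--(?P<tag>\w+)--\[dom:(?P<dom>\d+)\]\s+(?P<flag>\w)\s+"
    r"\((?P<proto>[^)]*)\)\s*"
    r"\[?(?P<src>[0-9A-Fa-f:.]+)\]?\s*-->\s*\[?(?P<dst>[0-9A-Fa-f:.]+)\]?\s+"
    r"mlen:\s*(?P<mlen>\d+),\s*flen:\s*(?P<flen>\d+)"
)

def parse_vpkt_line(line):
    """Return a dict for one vpkt_dump line, or None if it does not match."""
    m = VPKT_RE.match(line.strip())
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
    except ValueError:
        return None  # address field is not a valid IPv4/IPv6 literal
    # "IPv6:UDP[17]" and "IP4|UDP|151|20" both begin with family, transport.
    parts = [p for p in re.split(r"[:|\[\]]", m["proto"]) if p]
    return {
        "ts": m["ts"], "tag": m["tag"], "dom": int(m["dom"]),
        "family": parts[0] if parts else "",
        "transport": parts[1] if len(parts) > 1 else "",
        "src": str(src), "dst": str(dst),
        "mlen": int(m["mlen"]), "flen": int(m["flen"]),
    }

def summarize(lines):
    """Count packets per (transport, src, dst), ignoring unrelated lines."""
    flows = Counter()
    for line in lines:
        rec = parse_vpkt_line(line)
        if rec:
            flows[(rec["transport"], rec["src"], rec["dst"])] += 1
    return flows

# The two trace lines from this page, plus one constructed non-packet line.
SAMPLE = [
    "2013-04-19T13:37:52.840Z cpu15:2063)dvfilter-dsa: vpkt_dump: --BYPNC--[dom:3999995] I (IPv6:UDP[17]) [fe80:0:0:0:d8a1:6893:35e7:6636] --> [ff02:0:0:0:0:0:0:c] mlen:179, flen: 179 C",
    "2013-04-19T13:37:52.840Z cpu15:2063)dvfilter-dsa: vpkt_dump: --BYPNC--[dom:3999995] I (IP4|UDP|151|20)10.203.136.164-->239.255.255.250 mlen:165,flen:165 C",
    "2013-04-19T13:37:52.841Z cpu15:2063)dvfilter-dsa: constructed non-packet message",
]

if __name__ == "__main__":
    for flow, count in summarize(SAMPLE).most_common():
        print(count, *flow)
```

Saving the `grep dvfilter` output to a file and passing its lines to `summarize` gives the same counts for a real capture.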
To disable packet tracing, run this command on the DSVA:
/opt/ds_guest_agent/ratt guest pkt_trace
For Deep Security 9.5
- Log in to the DSVA via SSH.
- Switch to root user:
$sudo -s
- Set the trace level to "3" to enable the debug log:
#/opt/ds_agent/ratt trace -s 3
To disable, run the following command on the DSVA:
#/opt/ds_agent/ratt trace -s 0