Enabling packet tracing in Deep Security Filter Driver

    • Updated: 11 Sep 2015
    • Product/Version: Deep Security 9.0, Deep Security 9.5, Deep Security 9.6
    • Platform: VMware ESXi 5.0
Summary
Perform packet tracing to verify the path of a packet through the layers to its destination. This is useful for an administrator who would like to see the network traffic to the guest VM intercepted by the Filter Driver.
Details
Deep Security 9.0
To perform packet tracing, the Agentless environment should already be fully functional. This means you have prepared the ESXi and activated the Deep Security Virtual Appliance (DSVA) and VMs.
To enable packet tracing:
  1. Activate a VM protected by DSVA. For example: Windows 7 (64-bit).
  2. Using an SSH application such as PuTTY, establish an SSH connection to the ESXi host.
  3. Once connected, execute this command:
    tail -f /var/log/vmkernel.log | grep dvfilter
  4. Log in to the DSVA via CLI by pressing ALT + F2.
  5. Navigate to this directory:
    /var/opt/ds_agent/guests/<UUID>
  6. Execute this command:
    /opt/ds_guest_agent/ratt guest pkt_trace
  7. Go back to the PuTTY session on the ESXi host.
    A trace output similar to the following will appear in the console of the ESXi host:
    2013-04-19T13:37:52.840Z cpu15:2063)dvfilter-dsa: vpkt_dump: --BYPNC--[dom:3999995] I (IPv6:UDP[17]) [fe80:0:0:0:d8a1:6893:35e7:6636] --> [ff02:0:0:0:0:0:0:c] mlen:179, flen: 179 C
    2013-04-19T13:37:52.840Z cpu15:2063)dvfilter-dsa: vpkt_dump: --BYPNC--[dom:3999995] I (IP4|UDP|151|20)10.203.136.164-->239.255.255.250 mlen:165,flen:165 C
To disable packet tracing, run this command on the DSVA:
/opt/ds_guest_agent/ratt guest pkt_trace
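
The following Python sketch is an added example, not part of the original article or of Deep Security: it parses the two vpkt_dump line layouts shown in the trace output above and counts packets per flow, so saved trace output can be checked for the guest VM's traffic. The field names tag, flag and dom are labels chosen here, and the pattern is inferred from the two sample lines only.

```python
import ipaddress
import re
from collections import Counter

# Layout inferred only from the two sample lines in this article (assumption:
# other Filter Driver builds may print vpkt_dump records differently).
VPKT = re.compile(
    r"(?P<ts>\d{4}-\d\d-\d\dT[\d:.]+Z) cpu(?P<cpu>\d+):\d+\)dvfilter-dsa: "
    r"vpkt_dump: --(?P<tag>\w+)--\[dom:(?P<dom>\d+)\] (?P<flag>\w) "
    r"\((?P<proto>[^)]+)\)\s*\[?(?P<src>[0-9A-Fa-f:.]+)\]?\s*-->\s*"
    r"\[?(?P<dst>[0-9A-Fa-f:.]+)\]?\s+mlen:\s*(?P<mlen>\d+),\s*flen:\s*(?P<flen>\d+)"
)

# Lines 1-2 are the article's own output; line 3 is constructed to hit the skip path.
SAMPLE = [
    "2013-04-19T13:37:52.840Z cpu15:2063)dvfilter-dsa: vpkt_dump: --BYPNC--[dom:3999995] I (IPv6:UDP[17]) [fe80:0:0:0:d8a1:6893:35e7:6636] --> [ff02:0:0:0:0:0:0:c] mlen:179, flen: 179 C",
    "2013-04-19T13:37:52.840Z cpu15:2063)dvfilter-dsa: vpkt_dump: --BYPNC--[dom:3999995] I (IP4|UDP|151|20)10.203.136.164-->239.255.255.250 mlen:165,flen:165 C",
    "2013-04-19T13:37:53.101Z cpu3:2063)dvfilter-dsa: constructed non-packet message",
]

def parse_line(line):
    m = VPKT.search(line)
    if not m:
        return None
    rec = m.groupdict()
    # "IPv6:UDP[17]" and "IP4|UDP|151|20" both carry the family, then the L4 name.
    parts = re.split(r"[:|\[]", rec.pop("proto"))
    rec["family"], rec["l4"] = parts[0], (parts[1] if len(parts) > 1 else "")
    try:
        rec["src"], rec["dst"] = (ipaddress.ip_address(rec[k]) for k in ("src", "dst"))
    except ValueError:  # text matched the pattern but is not a valid address
        return None
    rec["mlen"], rec["flen"] = int(rec["mlen"]), int(rec["flen"])
    return rec

def summarize(lines):
    # Packets per (l4, src, dst, dst_is_multicast), plus a count of unparsed lines.
    flows, skipped = Counter(), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        flows[(rec["l4"], str(rec["src"]), str(rec["dst"]), rec["dst"].is_multicast)] += 1
    return flows, skipped

if __name__ == "__main__":
    for key, n in summarize(SAMPLE)[0].items():
        print(n, *key)
```

summarize accepts any iterable of lines, such as an open file holding saved output of the grep dvfilter command from step 3.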
For Deep Security 9.5
  1. Log in to the DSVA via SSH.
  2. Switch to the root user:

    $ sudo -s
  3. Set the trace level to "3" to enable the debug log:

    # /opt/ds_agent/ratt trace -s 3
To disable, run the following command on the DSVA:
# /opt/ds_agent/ratt trace -s 0
Category: Configure; Troubleshoot
Solution Id: 1097715