Have you ever used Wireshark? If so, the tcpdump utility within WatchGuard XTM provides similar functionality. I'll place some brief examples here:
WG#tcpdump ?
<cr> Carriage return
<mstring> Tcpdump command options:
[-adeflnNOpqStuvxX][-c count][-i interface][-s snaplen][-T type][expression]
WG#tcpdump -i
tcpdump version 4.1.1
libpcap version 1.1.1
Usage: tcpdump [-aAbdDefIKlLnNOpPqRStuUvxX] [ -B size ] [ -c count ]
[ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]
[ -i interface ] [ -M secret ] [ -r file ]
[ -s snaplen ] [ -T type ] [ -w file ] [ -W filecount ]
[ -y datalinktype ] [ -z command ] [ -Z user ]
[ expression ]
WG#
WG#tcpdump
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
16:44:03.431890 STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 8000.a8:f9:4b:86:00:c0.8016, length 47
16:44:03.469609 IP 192.168.10.104.137 > 192.168.10.255.137: UDP, length 50
16:44:03.469968 IP 192.168.10.124.137 > 192.168.10.255.137: UDP, length 50
16:44:03.636728 IP 192.168.10.115.61331 > 62.x.y.97.443: Flags [S], seq 1468728436, win 8192, options [mss 1400,nop,wscale 2,nop,nop,sackOK], length 0
16:44:03.667943 IP 62.x.y.97.443 > 192.168.10.115.61331: Flags [S.], seq 3866047168, ack 1468728437, win 65535, options [mss 1400,nop,wscale 3,sackOK,eol], length 0
16:44:03.668468 IP 192.168.10.115.61331 > 62.x.y.97.443: Flags [.], ack 1, win 16450, length 0
16:44:03.669307 IP 192.168.10.115.61331 > 62.x.y.97.443: Flags [P.], seq 1:3, ack 1, win 16450, length 2
16:44:03.700334 IP 62.x.y.97.443 > 192.168.10.115.61331: Flags [P.], seq 1:3, ack 3, win 8225, length 2
16:44:03.701017 IP 192.168.10.115.61331 > 62.x.y.97.443: Flags [F.], seq 3, ack 3, win 16449, length 0
16:44:03.712460 ARP, Request who-has 192.168.10.166 tell 192.168.10.56, length 46
16:44:03.731733 IP 62.x.y.97.443 > 192.168.10.115.61331: Flags [.], ack 4, win 8225, length 0
16:44:03.731884 IP 62.x.y.97.443 > 192.168.10.115.61331: Flags [F.], seq 3, ack 4, win 8225, length 0
16:44:03.732296 IP 192.168.10.115.61331 > 62.x.y.97.443: Flags [.], ack 4, win 16449, length 0
16:44:03.856526 ARP, Request who-has 192.168.10.167 tell 192.168.10.145, length 46
16:44:04.712321 ARP, Request who-has 192.168.10.166 tell 192.168.10.56, length 46
16:44:04.940881 IP 192.168.10.183.17500 > 255.255.255.255.17500: UDP, length 189
16:44:04.941880 IP 192.168.10.183.17500 > 192.168.10.255.17500: UDP, length 189
16:44:04.975059 ARP, Request who-has 192.168.10.167 tell 192.168.10.145, length 46
16:44:05.437594 STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 8000.a8:f9:4b:86:00:c0.8016, length 47
16:44:05.856490 ARP, Request who-has 192.168.10.167 tell 192.168.10.145, length 46
16:44:05.866759 IP6 fe80::146e:c5a:bdf:97ab.51949 > ff02::c.1900: UDP, length 119
16:44:05.866950 IP 192.168.10.183.51951 > 239.255.255.250.1900: UDP, length 125
16:44:05.867585 IP6 fe80::146e:c5a:bdf:97ab.51949 > ff02::c.1900: UDP, length 117
16:44:05.867671 IP 192.168.10.183.51951 > 239.255.255.250.1900: UDP, length 123
16:44:05.871419 ARP, Request who-has 192.168.10.124 tell 192.168.10.183, length 46
16:44:05.871600 IP6 fe80::146e:c5a:bdf:97ab > ff02::1:ffde:5526: ICMP6, neighbor solicitation, who has fe80::39ff:6d3c:22de:5526, length 32
16:44:05.872182 IP6 fe80::39ff:6d3c:22de:5526 > ff02::1:ffdf:97ab: ICMP6, neighbor solicitation, who has fe80::146e:c5a:bdf:97ab, length 32
16:44:05.873145 ARP, Request who-has 192.168.10.120 tell 192.168.10.183, length 46
16:44:05.873903 IP6 fe80::146e:c5a:bdf:97ab > ff02::1:ff98:68d5: ICMP6, neighbor solicitation, who has fe80::ad75:17fd:eb98:68d5, length 32
16:44:05.874200 ARP, Request who-has 192.168.10.183 tell 192.168.10.120, length 46
16:44:05.949498 IP6 fe80::ad75:17fd:eb98:68d5 > ff02::1:ffdf:97ab: ICMP6, neighbor solicitation, who has fe80::146e:c5a:bdf:97ab, length 32
16:44:05.950641 ARP, Request who-has 192.168.10.183 tell 192.168.10.124, length 46
16:44:06.197541 ARP, Request who-has 192.168.10.54 tell 192.168.10.1, length 46
16:44:06.197589 ARP, Request who-has 192.168.10.55 tell 192.168.10.1, length 46
16:44:06.197637 ARP, Request who-has 192.168.10.57 tell 192.168.10.1, length 46
16:44:06.197698 ARP, Request who-has 192.168.10.61 tell 192.168.10.1, length 46
16:44:06.221334 IP 192.168.10.115.61332 > 81.x.y.24.443: Flags [S], seq 2617421978, win 8192, options [mss 1400,nop,wscale 2,nop,nop,sackOK], length 0
16:44:06.309054 IP 81.x.y.24.443 > 192.168.10.115.61332: Flags [S.], seq 2512227147, ack 2617421979, win 65535, options [mss 1400,nop,wscale 3,sackOK,eol], length 0
16:44:06.309516 IP 192.168.10.115.61332 > 81.x.y.24.443: Flags [.], ack 1, win 16450, length 0
16:44:06.309973 IP 192.168.10.115.61332 > 81.x.y.24.443: Flags [P.], seq 1:3, ack 1, win 16450, length 2
16:44:06.395082 IP 81.x.y.24.443 > 192.168.10.115.61332: Flags [P.], seq 1:3, ack 3, win 8225, length 2
16:44:06.395689 IP 192.168.10.115.61332 > 81.x.y.24.443: Flags [F.], seq 3, ack 3, win 16449, length 0
16:44:06.481154 IP 81.x.y.24.443 > 192.168.10.115.61332: Flags [.], ack 4, win 8225, length 0
16:44:06.481309 IP 81.x.y.24.443 > 192.168.10.115.61332: Flags [F.], seq 3, ack 4, win 8225, length 0
16:44:06.481639 IP 192.168.10.115.61332 > 81.x.y.24.443: Flags [.], ack 4, win 16449, length 0
16:44:06.725673 ARP, Request who-has 192.168.10.183 tell 192.168.10.145, length 46
16:44:06.793154 ARP, Request who-has 192.168.10.183 tell 192.168.10.123, length 46
16:44:06.855996 ARP, Request who-has 192.168.10.167 tell 192.168.10.145, length 46
16:44:06.958219 IP6 fe80::1573:6300:33f6:9b8 > ff02::1:ffdf:97ab: ICMP6, neighbor solicitation, who has fe80::146e:c5a:bdf:97ab, length 32
16:44:06.958456 IP6 fe80::146e:c5a:bdf:97ab > ff02::1:fff6:9b8: ICMP6, neighbor solicitation, who has fe80::1573:6300:33f6:9b8, length 32
^Z
WG#
WG#tcpdump -i eth0 host 192.168.10.115
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
17:43:22.302327 IP 108.x.y.106.80 > 192.168.10.115.62172: Flags [P.], seq 119727968:119728147, ack 2151782143, win 83, length 179
17:43:22.327599 IP 192.168.10.115.62172 > 108.x.y.106.80: Flags [P.], seq 1:329, ack 179, win 16405, length 328
17:43:22.329316 ARP, Request who-has 192.168.10.1 tell 192.168.10.115, length 28
17:43:22.329563 ARP, Reply 192.168.10.1 is-at 00:1d:aa:81:d2:b0, length 46
17:43:22.577004 IP 108.x.y.106.80 > 192.168.10.115.62172: Flags [.], ack 329, win 83, length 0
^Z
WG#
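A long console capture like the ones above is easier to read once it is saved as text and summarised offline. The Python script below is an added example, not part of the original post or of WatchGuard's tooling; it groups TCP segments by connection to show each flag sequence and lists ARP requests that saw no reply. The sample lines are constructed in the output format shown above (203.0.113.97 is a documentation address, not one from the page).

```python
import re
from collections import Counter, defaultdict

# Constructed sample, modelled on the tcpdump text format shown above.
SAMPLE = """\
16:44:03.636728 IP 192.168.10.115.61331 > 203.0.113.97.443: Flags [S], seq 1468728436, win 8192, options [mss 1400], length 0
16:44:03.667943 IP 203.0.113.97.443 > 192.168.10.115.61331: Flags [S.], seq 3866047168, ack 1468728437, win 65535, length 0
16:44:03.668468 IP 192.168.10.115.61331 > 203.0.113.97.443: Flags [.], ack 1, win 16450, length 0
16:44:03.701017 IP 192.168.10.115.61331 > 203.0.113.97.443: Flags [F.], seq 3, ack 3, win 16449, length 0
16:44:03.712460 ARP, Request who-has 192.168.10.166 tell 192.168.10.56, length 46
16:44:04.712321 ARP, Request who-has 192.168.10.166 tell 192.168.10.56, length 46
17:43:22.329316 ARP, Request who-has 192.168.10.1 tell 192.168.10.115, length 28
17:43:22.329563 ARP, Reply 192.168.10.1 is-at 00:1d:aa:81:d2:b0, length 46
"""

# Only TCP lines carry "Flags [...]"; UDP, STP and IP6 lines are skipped.
TCP_RE = re.compile(r"^\S+ IP (\S+) > (\S+): Flags \[([^\]]+)\]")
ARP_REQ_RE = re.compile(r"^\S+ ARP, Request who-has (\S+) tell (\S+),")
ARP_REP_RE = re.compile(r"^\S+ ARP, Reply (\S+) is-at (\S+),")

def summarize(text):
    """Return (flows, unanswered): the TCP flag sequence per connection and
    ARP targets that were requested but never replied within the capture."""
    flows = defaultdict(list)
    asked, answered = Counter(), set()
    for line in text.splitlines():
        if m := TCP_RE.match(line):
            src, dst, flags = m.groups()
            # Sort the endpoints so both directions share one key.
            flows[tuple(sorted((src, dst)))].append(flags)
        elif m := ARP_REQ_RE.match(line):
            asked[m.group(1)] += 1
        elif m := ARP_REP_RE.match(line):
            answered.add(m.group(1))
    unanswered = {ip: n for ip, n in asked.items() if ip not in answered}
    return dict(flows), unanswered

def handshake_completed(flags):
    """True if the captured flag sequence starts with SYN, SYN-ACK, ACK."""
    return flags[:3] == ["S", "S.", "."]

if __name__ == "__main__":
    flows, unanswered = summarize(SAMPLE)
    for key, flags in flows.items():
        state = "handshake ok" if handshake_completed(flags) else "incomplete"
        print(key, flags, state)
    print("ARP requests with no reply seen:", unanswered)
```

ARP replies are unicast to the requester, so a capture on the firewall's interface only shows replies that involve the firewall itself or the filtered host. An entry in the "no reply seen" list is a prompt to check that address, not proof that the target is absent.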