[ScreenOS] Running "debug flow basic"

[KB12208]


Summary:

This article provides information on how to run the command debug flow basic.

Symptoms:

Describe the best way to run the command debug flow basic.

Solution:

In the example below, traffic is filtered by setting flow filters.

Note: This diagnostic can be CPU intensive. It is best performed during periods of low traffic volume, during off-peak hours, or during scheduled maintenance windows.


First, log on to the device as admin via the CLI (command line interface).

 
1. set console dbuf
   Set debugs to be redirected to the debug buffer. It is too CPU intensive to send to the console. The command 'get console' should report 'debug:buffer'.

2. undebug all
   Turn off any debugs, just to be safe.

3. set db size 4096
   (Optional) Increase the debug buffer. The debug buffer is circular. If you need to capture a lot of data, set the debug buffer to the maximum size of 4096 (4 MB). Use the command 'get db info' to see the current size of the debug buffer in KB.

   Note: You could alternatively send debug output to a USB drive, which would allow you to have a > 4 MB dbuf buffer. See KB12277 for further details.

4. get ffilter
   Display any configured flow filters (ffilter). No filters are expected to be set at this time. If you see flow filters listed that are not applicable to your debug test, you can delete them with the command 'unset ffilter'.

5. set ffilter src-ip x.x.x.x dst-ip y.y.y.y
   set ffilter src-ip y.y.y.y dst-ip x.x.x.x
   Set flow filters (ffilter) to observe specific packets flowing in each direction, and where any possible problems may be. Basically, you want to define the end points of communication to limit what is captured in the debug buffer.

   x.x.x.x = IP address of computerA
   y.y.y.y = IP address of computerB

   For more information on flow filters, refer to KB6709 - Understanding debug ffilters.

6. clear db
   Clear the debug buffer.

7. debug flow basic
   Start the debug, specifically the 'flow' debug.

8. Initiate the traffic that you are interested in capturing.

9. undebug all
   Turn debugs off and stop writing to the circular debug buffer. Run this command as soon as Step 8 is finished to avoid overwriting what was captured in the debug buffer.

   Note: You can also press the ESC key to stop debug and snoop with a single keystroke.

10. get db stream
    Display what was captured in the debug buffer. You can also enter 'get db stream > tftp <ipaddr> <filename>' to redirect the debug buffer to a file.

11. unset ffilter
    Remove the flow filters. Enter this command twice (once for each filter step in step 5). Use the command 'get ffilter' to see if the filters are removed.

12. unset db size
    Set the debug buffer size back to the default buffer size. Use the command 'get db info' to see the current size of the debug buffer in KB.

For more information about the above commands, refer to KB5536 - How do I capture debugging (debug flow) information?
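
The ordering rules in the steps above (buffer redirect, filters and 'clear db' before the debug starts, 'undebug all' before the buffer is read, one 'unset ffilter' per filter) can be checked against a planned command list before a maintenance window. The following Python is an added example, not part of the Juniper article or any Juniper tooling; check_session(), its messages and the sample addresses are assumptions made for illustration.

```python
# Added example, not Juniper tooling: check_session() and its messages are
# hypothetical. It lints a planned command list against the steps above.
MAX_DB_KB = 4096  # maximum debug buffer size given in step 3

def check_session(commands):
    """Return the problems found in an ordered list of ScreenOS CLI commands."""
    problems = []
    dbuf = cleared = debugging = False
    filters = 0  # flow filters currently configured by this session
    for raw in commands:
        cmd = " ".join(raw.split())  # normalise spacing
        if cmd == "set console dbuf":
            dbuf = True
        elif cmd.startswith("set db size "):
            size = cmd.rsplit(" ", 1)[1]
            if not size.isdigit() or int(size) > MAX_DB_KB:
                problems.append(f"db size {size!r} is not a value up to {MAX_DB_KB}")
        elif cmd.startswith("set ffilter "):
            filters += 1
        elif cmd == "unset ffilter":
            filters = max(0, filters - 1)  # each call removes one filter
        elif cmd == "clear db":
            cleared = True
        elif cmd == "debug flow basic":
            if not dbuf:
                problems.append("debug started without 'set console dbuf'")
            if filters == 0:
                problems.append("debug started with no flow filter set")
            if not cleared:
                problems.append("debug started without 'clear db'")
            debugging = True
        elif cmd == "undebug all":
            debugging = False
        elif cmd.startswith("get db stream") and debugging:
            problems.append("buffer read before 'undebug all'")
    if debugging:
        problems.append("session ends with debug still running")
    if filters:
        problems.append(f"{filters} flow filter(s) left configured")
    return problems

# Constructed sessions; the addresses are documentation-range placeholders.
A, B = "192.0.2.10", "198.51.100.20"
GOOD = ["set console dbuf", "undebug all", "set db size 4096", "get ffilter",
        f"set ffilter src-ip {A} dst-ip {B}", f"set ffilter src-ip {B} dst-ip {A}",
        "clear db", "debug flow basic", "undebug all", "get db stream",
        "unset ffilter", "unset ffilter", "unset db size"]
BAD = [f"set ffilter src-ip {A} dst-ip {B}", "debug flow basic", "get db stream"]
```

check_session(GOOD) returns an empty list, while check_session(BAD) reports the missing buffer redirect and 'clear db', the read while the debug is still running, and the filter left behind.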

Modification History:
2017-11-29: Article reviewed for accuracy. No changes made. Article is correct and complete.