Hi
I`m trying to set script for find, log and block packet like src-mac-address is same as dst-mac-address.
First I need to find and log it. Please help me to right it. Here is my bad try:
[otgonkhuu@MobiNetSU] > system scheduler print det
1 name="StartSnifferEth1" start-date=jan/01/1970 start-time=00:00:00
interval=1m on-event=/tool sniffer set interface=ether1 memory-limit=10
only-headers=yes filter-protocol=mac-only-no-ip
streaming-enabled=no\r\n/tool sniffer start
owner="otgonkhuu"
policy=reboot,read,write,policy,test,password,sniff,sensitive
run-count=4
2 name="StopSnifferEth1" start-date=jan/01/1970 start-time=00:00:05
interval=1m on-event=/tool sniffer stop\r\n:foreach i in=[/tool sniffer
packet find src-mac-address] do={\r\n:if (/tool
sniffer packet src-mac-address=$i dst-mac-
address=$i) do={\r\n:log info [ :put [/tool sniffer
packet find src-mac-address=$i]]\r\n}\r\n}\r\n
owner="otgonkhuu"
policy=reboot,read,write,policy,test,password,sniff,sensitive
run-count=3