Juniper SRX packet captures


1. Configure the capture file
configure
set forwarding-options packet-capture file filename pcap files 10 size 10000
set forwarding-options packet-capture maximum-capture-size 1500
2. Create your filter


set firewall filter PCAP term capture from source-address 192.168.1.1/32
set firewall filter PCAP term capture from destination-address 10.15.61.45/32
set firewall filter PCAP term capture from protocol tcp
set firewall filter PCAP term capture from destination-port 443
set firewall filter PCAP term capture then sample
set firewall filter PCAP term capture then accept
set firewall filter PCAP term allow-all-else then accept
Note: the sample action is what copies matching packets to the capture file; accept on its own only forwards them.


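3. Define the interface(s) that will capture the traffic
set interfaces ge-0/0/3 unit 0 family inet filter input PCAP
commit and-quit
Note: "input" means packets received on the interface are captured. PCAP is the name of our firewall filter. A unit holds only one input filter, so this statement replaces any input filter already applied to ge-0/0/3 unit 0.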

4. Read the tcpdump file from the shell
start shell
cd /var/tmp
tcpdump -r pcap.ge-0.0.3



5. Cleanup
cli
configure
delete interfaces ge-0/0/3 unit 0 family inet filter input PCAP    (stops the cap)
delete firewall filter PCAP                                        (turns off the filter)
delete forwarding-options packet-capture
commit and-quit

Then, from the shell, delete the capture file:
% rm /var/tmp/pcap.ge-0.0.3
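
A check for step 5, as an added example that is not part of the original post: this Python script scans `show configuration | display set` output for capture statements left behind after cleanup. The function names and the sample configuration are constructed for illustration, and it assumes the capture filters are the ones that use the `sample` action.

```python
import re

# Constructed sample: `show configuration | display set` output after an
# incomplete cleanup (interface binding removed, filter and capture left).
PARTIAL_CLEANUP = """\
set forwarding-options packet-capture file filename pcap files 10 size 10000
set forwarding-options packet-capture maximum-capture-size 1500
set firewall filter PCAP term capture from destination-port 443
set firewall filter PCAP term capture then sample
set firewall filter PCAP term capture then accept
set firewall filter PCAP term allow-all-else then accept
set firewall filter MGMT term ssh then accept
set interfaces ge-0/0/3 unit 0 family inet address 192.168.1.254/24
"""

CAPTURE_RE = re.compile(r"^set forwarding-options packet-capture\b")
SAMPLE_RE = re.compile(r"^set firewall filter (\S+) term \S+ then sample\b")
BIND_RE = re.compile(
    r"^set interfaces (\S+) unit (\d+) family \S+ filter (input|output) (\S+)$")


def audit_capture_leftovers(display_set: str) -> dict:
    """Report capture-related statements still present in a set-format config."""
    lines = [ln.strip() for ln in display_set.splitlines() if ln.strip()]
    # Filters with a `sample` action feed packet-capture (assumption: no other
    # sampling is configured on the device).
    sampling = {m.group(1) for ln in lines if (m := SAMPLE_RE.match(ln))}
    bindings = []
    for ln in lines:
        m = BIND_RE.match(ln)
        if m and m.group(4) in sampling:
            bindings.append((f"{m.group(1)}.{m.group(2)}", m.group(3), m.group(4)))
    return {
        "packet_capture": [ln for ln in lines if CAPTURE_RE.match(ln)],
        "sampling_filters": sorted(sampling),
        "bindings": bindings,
    }


def is_clean(display_set: str) -> bool:
    """True only when no capture config, sampling filter or binding remains."""
    return not any(audit_capture_leftovers(display_set).values())


if __name__ == "__main__":
    for key, found in audit_capture_leftovers(PARTIAL_CLEANUP).items():
        print(f"{key}: {found}")
```

Any non-empty entry in the report means traffic may still be copied to /var/tmp or that a capture filter is still configured on the device.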
