
SRX Packet Capture - TCPDUMP

posted 6 Aug 2017, 07:05 by Donald Ross   [ updated 6 Aug 2017, 08:27 ]
Packet Capture

edit forwarding-options packet-capture
set file filename TEST-PACKET-CAPTURE
set maximum-capture-size 1500
top


set firewall filter PCAP term 1 from source-address 192.168.51.121
set firewall filter PCAP term 1 from destination-address 192.168.60.121
set firewall filter PCAP term 1 then sample 
set firewall filter PCAP term 1 then accept 

set firewall filter PCAP term 2 from source-address 192.168.60.121
set firewall filter PCAP term 2 from destination-address 192.168.51.121
set firewall filter PCAP term 2 then sample 
set firewall filter PCAP term 2 then accept 

set firewall filter PCAP term ALLOW-ALL then accept 


set interfaces ge-0/0/0 unit 0 family inet filter output PCAP
set interfaces ge-0/0/0 unit 0 family inet filter input PCAP

deactivate firewall filter PCAP term 1
deactivate firewall filter PCAP term 2

activate firewall filter PCAP term 1
activate firewall filter PCAP term 2

file list /var/tmp/ | match TEST-PACKET-CAPTURE*

**** trace options used for debug ****

set security flow traceoptions file TEST
set security flow traceoptions flag basic-datapath
set security flow traceoptions packet-filter Match protocol tcp
set security flow traceoptions packet-filter Match destination-port ssh