
Packet Capture Overview

The packet capture tool captures IDP attack packets sent by SRX Series devices. It is installed as part of Security Director installation and runs on the Junos Space Network Management setup. You can use it to help you analyze network traffic and troubleshoot network problems.

Based on a preconfigured set of rules, SRX Series devices classify packets as normal or as an attack. When there is an attack, the SRX Series device sends the attack packets to the Junos Space Network Management Platform. You must configure the SRX Series device to send the attack packets to the Junos Space Network Management Platform.

Junos Space Network Management Platform runs a load balancer bound with a Virtual IP address. You must configure SRX Series devices with the Virtual IP address as the destination for forwarding captured packets. Junos Space Network Management Platform receives those packets and stores them. You can view the attack information and download packets that constitute the attack from the Security Director application.

The ports that are opened between the SRX Series devices and Security Director are:

For information on modifying the IPS configuration on SRX Series devices, see Modifying the IPS Configuration for Security Devices.

Note: Packet capture is applicable only for IPS packets.

Network administrators and security engineers use packet capture to perform the following tasks:

This tool captures the entire packet, including the Layer 2 header, and saves the contents to the Junos Space Network Management Platform database in .pcap format. You can download attack packets captured by SRX Series devices and analyze them externally using tools such as Wireshark, tcpdump, and tshark.
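As an added example (not Juniper's code and not part of the original page), the following Python reads a downloaded capture in classic .pcap format, steps over the Layer 2 header, and counts frames per flow for quick triage before opening the file in Wireshark. It assumes the capture's link type is Ethernet; the function names and the constructed sample capture are illustrative.

```python
import socket
import struct
from collections import Counter

MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # on-disk magic -> byte order

def parse_pcap(data):
    """Yield (ts_sec, frame, truncated) for every record of a classic pcap file."""
    endian = MAGICS.get(data[:4])
    if endian is None or len(data) < 24:
        raise ValueError("unrecognized header (pcapng, nanosecond pcap, or corrupt)")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype != 1:  # 1 = LINKTYPE_ETHERNET, assumed for these captures
        raise ValueError(f"unsupported link type {linktype}")
    off = 24
    while off + 16 <= len(data):
        ts_sec, _frac, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        if len(frame) < incl_len:
            raise ValueError("file ends inside a packet record")
        off += 16 + incl_len
        yield ts_sec, frame, incl_len < orig_len  # True when snaplen cut the frame

def summarize_flows(data):
    """Count IPv4 TCP/UDP frames per (src, sport, dst, dport, proto)."""
    flows = Counter()
    for _ts, frame, _truncated in parse_pcap(data):
        l3, ethertype = 14, frame[12:14]          # Ethernet II header is 14 bytes
        if ethertype == b"\x81\x00":              # step over one 802.1Q VLAN tag
            l3, ethertype = 18, frame[16:18]
        if ethertype != b"\x08\x00" or len(frame) < l3 + 20:
            continue                              # not IPv4, or IP header cut short
        ihl, proto = (frame[l3] & 0x0F) * 4, frame[l3 + 9]
        if proto not in (6, 17) or len(frame) < l3 + ihl + 4:
            continue                              # not TCP/UDP, or ports missing
        sport, dport = struct.unpack("!HH", frame[l3 + ihl:l3 + ihl + 4])
        src, dst = (socket.inet_ntoa(frame[l3 + o:l3 + o + 4]) for o in (12, 16))
        flows[(src, sport, dst, dport, "tcp" if proto == 6 else "udp")] += 1
    return flows

def build_sample():
    """Constructed capture: two TCP frames of one flow plus one UDP frame."""
    def frame(src, dst, sport, dport, proto):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        return bytes(12) + b"\x08\x00" + ip + struct.pack("!HHI", sport, dport, 0)
    frames = [frame("192.0.2.10", "198.51.100.5", 40000, 80, 6)] * 2
    frames.append(frame("192.0.2.11", "198.51.100.5", 40001, 53, 17))
    body = b"".join(struct.pack("<IIII", 1700000000, 0, len(f), len(f)) + f for f in frames)
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + body
```

To use it on a real download, pass the file's bytes to `summarize_flows`, for example `summarize_flows(open(path, "rb").read())`, where `path` is wherever you saved the capture.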

Note: PCAPs can be suppressed by the log suppression mechanism, which is enabled by default. To disable log suppression, see suppression. To configure SRX IDP packet capture, see Configuring Security Packet Capture.
