Help Center User GuideGetting Started
 
X
User Guide
Getting Started
Contents  

Troubleshoot Packet Capture

About Packet Capture Page

You are here: Administration > Tools > Packet Capture.

You can quickly capture and analyze router control traffic on a device.

The packet capture diagnostic tool allows inspection of control traffic (not transient traffic). The summary of each decoded packet is displayed as it is captured. Captured packets are written to a PCAP file which can be downloaded.

Note Starting in Junos OS Release 19.3R1, J-Web supports RE3 line cards for SRX5000 line of devices.

Procedure

To use J-Web packet capture:

  1. Enter the information specified in Table 337 to troubleshoot the issue.
  2. Save the captured packets to a file or specify other advanced options by clicking the expand icon next to Advanced options.
  3. Click Start.

    The captured packet headers are decoded and displayed in the Packet Capture display as specified in Table 338.

  4. Click one:
    • Stop Capturing—Stops capturing the packets and stays on the same page while the decoded packet headers are being displayed.

    • OK—Stops capturing packets and returns to the Packet Capture page.

Table 337: Packet Capture Troubleshooting Options

Field

Description

Interface

Specifies the interface on which the packets are captured.

From the list, select an interface—for example, ge-0/0/0.

If you select default, packets on the Ethernet management port 0 are captured.

Detail level

Specifies the extent of details to be displayed for the packet headers.

  • Brief—Displays the minimum packet header information. This is the default.

  • Detail—Displays packet header information in moderate detail.

  • Extensive—Displays the maximum packet header information.

From the list, select Detail.

Packets

Specifies the number of packets to be captured. Values range from 1 to 1000. Default is 10. Packet capture stops capturing packets after this number is reached.

From the list, select the number of packets to be captured—for example, 10.

Addresses

Specifies the addresses to be matched for capturing the packets using a combination of the following parameters:

  • Direction—Matches the packet headers for IP address, hostname, or network address of the source, destination, or both.

  • Type—Specifies if packet headers are matched for host address or network address.

You can add multiple entries to refine the match criteria for addresses.

Procedure

Select address-matching criteria. For example:

  1. From the Direction list, select source.
  2. From the Type list, select host.
  3. In the Address box, type 10.1.40.48.
  4. Click Add.

Protocols

Matches the protocol for which packets are captured. You can choose to capture TCP, UDP, or ICMP packets or a combination of TCP, UDP, and ICMP packets.

From the list, select a protocol—for example:

  1. Select a protocol from the list.

  2. Click Add.

Ports

Matches the packet headers containing the specified source or destination TCP or UDP port number or port name.

Procedure

Select a direction and a port. For example:

  1. From the Direction list, select src.
  2. In the Port box, type 23.
  3. Click Add.
Advanced Options

Absolute TCP Sequence

Displays the absolute TCP sequence numbers for the packet headers.

  • To display absolute TCP sequence numbers in the packet headers, select this check box.

  • To stop displaying absolute TCP sequence numbers in the packet headers, clear this check box.

Layer 2 Headers

Displays the link-layer packet headers.

  • To include link-layer packet headers while capturing packets, select this check box.

  • To exclude link-layer packet headers while capturing packets, clear this check box.

Non-Promiscuous

Does not place the interface in promiscuous mode so that the interface reads only packets addressed to it.

In promiscuous mode, the interface reads every packet that reaches it.

  • To read all packets that reach the interface, select this check box.

  • To read only packets addressed to the interface, clear this check box.

Display Hex

Displays packet headers, except link-layer headers, in hexadecimal format.

  • To display the packet headers in hexadecimal format, select this check box.

  • To stop displaying the packet headers in hexadecimal format, clear this check box.

Display ASCII and Hex

Displays packet headers in hexadecimal and ASCII formats.

  • To display the packet headers in ASCII and hexadecimal formats, select this check box.

  • To stop displaying the packet headers in ASCII and hexadecimal formats, clear this check box.

Header Expression

Specifies the match condition for the packets to be captured.

The match conditions you specify for Addresses, Protocols, and Ports are displayed in expression format in this field.

Enter match conditions directly in this field in expression format or modify the expression composed from the match conditions you specified for Addresses, Protocols, and Ports. If you change the match conditions specified for Addresses, Protocols, and Ports again, packet capture overwrites your changes with the new match conditions.

Packet Size

Specifies the number of bytes to be displayed for each packet. If a packet header exceeds this size, the display is truncated for the packet header. The default value is 96 bytes.

Type the number of bytes you want to capture for each packet header—for example, 256.

Don't Resolve Addresses

Specifies that IP addresses are not to be resolved into hostnames in the packet headers displayed.

  • To prevent packet capture from resolving IP addresses to hostnames, select this check box.

  • To resolve IP addresses into hostnames, clear this check box.

No Timestamp

Suppresses the display of packet header timestamps.

  • To stop displaying timestamps in the captured packet headers, select this check box.

  • To display the timestamp in the captured packet headers, clear this check box.

Write Packet Capture File

Writes the captured packets to a file in PCAP format in /var/tmp. The files are named with the prefix jweb-pcap and the extension .pcap.

If you select this option, the decoded packet headers are not displayed on the packet capture page.

  • To save the captured packet headers to a file, select this check box.

  • To decode and display the packet headers on the J-Web page, clear this check box.

Table 338: Packet Capture Results and Output Summary

Field

Function

timestamp

Displays the time when the packet was captured. The timestamp 00:45:40.823971 means 00 hours (12.00 a.m.), 45 minutes, and 40.823971 seconds.

Note: The time displayed is local time.

direction

Displays the direction of the packet. Specifies whether the packet originated from the Routing Engine (Out) or was destined for the Routing Engine (In)

protocol

Displays the protocol for the packet.

In the sample output, IP indicates the Layer 3 protocol.

source address

Displays the hostname, if available, or IP address and the port number of the packet's origin. If the Don't Resolve Addresses check box is selected, only the IP address of the source is displayed.

Note: When a string is defined for the port, the packet capture output displays the string instead of the port number.

destination address

Displays the hostname, if available, or IP address of the packet's destination with the port number. If the Don't Resolve Addresses check box is selected, only the IP address of the destination and the port are displayed.

Note: When a string is defined for the port, the packet capture output displays the string instead of the port number.

protocol

Displays the protocol for the packet.

In the sample output, TCP indicates the Layer 4 protocol.

data size

Displays the size of the packet (in bytes).

Help us to improve. Rate this article.
Feedback Received. Thank You!

Ask questions in TechWiki

Check documentation in TechLibrary

Rating by you:      
X

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:
Email:

Need product assistance? Contact Juniper Support

Submit