Verifying Packet Capture

To verify packet capture, perform these tasks:

Displaying a Packet Capture Configuration

Purpose

Verify the packet capture configuration.

Action

From the J-Web interface, select CLI Tools>CLI Viewer. Alternatively, from configuration mode in the CLI, enter the show forwarding-options command.

[edit]
user@host# show forwarding-options
packet-capture {
    file filename pcap-file files 100 size 1024;
    maximum-capture-size 500;
}

Meaning

Verify that the output shows the intended file configuration for capturing packets.

Related Topics

For more information about the format of a configuration file, see the information about viewing configuration text in the J-Web Interface User Guide or the Junos CLI User Guide.

Displaying a Firewall Filter for Packet Capture Configuration

Purpose

Verify the firewall filter for packet capture configuration.

Action

From the J-Web interface, select CLI Tools>CLI Viewer. Alternatively, from configuration mode in the CLI, enter the show firewall filter dest-all command.

[edit]
user@host# show firewall filter dest-all
term dest-term {
    from {
        destination-address 192.168.1.1/32;
    }
    then {
        sample;
        accept;
    }
}

Meaning

Verify that the output shows the intended configuration of the firewall filter for capturing packets sent to the destination address 192.168.1.1/32.

Related Topics

For more information about the format of a configuration file, see the information about viewing configuration text in the Junos CLI User Guide.

Verifying Captured Packets

Purpose

Verify that the packet capture file is stored under the /var/tmp directory and the packets can be analyzed offline.

Action

Take the following actions:

Sample Output


root@server% tcpdump -r 126b.fe-0.0.1 -xevvvv
01:12:36.279769 Out 0:5:85:c4:e3:d1 > 0:5:85:c8:f6:d1, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl  64, id 33133, offset 0, flags [none], proto: ICMP (1), length: 84) 14.1.1.1 > 15.1.1.1: ICMP echo request seq 0, length 64
                         0005 85c8 f6d1 0005 85c4 e3d1 0800 4500
                         0054 816d 0000 4001 da38 0e01 0101 0f01
                         0101 0800 3c5a 981e 0000 8b5d 4543 51e6
                         0100 aaaa aaaa aaaa aaaa aaaa aaaa aaaa
                         aaaa aaaa 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000
01:12:36.279793 Out 0:5:85:c8:f6:d1 > 0:5:85:c4:e3:d1, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl  63, id 41227, offset 0, flags [none], proto: ICMP (1), length: 84) 15.1.1.1 > 14.1.1.1: ICMP echo reply seq 0, length 64
                         0005 85c4 e3d1 0005 85c8 f6d1 0800 4500
                         0054 a10b 0000 3f01 bb9a 0f01 0101 0e01
                         0101 0000 445a 981e 0000 8b5d 4543 51e6
                         0100 aaaa aaaa aaaa aaaa aaaa aaaa aaaa
                         aaaa aaaa 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000
root@server%             

Meaning

Verify that the output shows the intended packets.
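One way to check the sample output offline, as an added example that is not part of the original documentation: it decodes the first frame's hex words from the tcpdump -x output above, validates the IPv4 and ICMP checksums, and compares the packet with an expected destination prefix and capture size. The names decode_frame and is_intended are hypothetical, and comparing maximum-capture-size against the dumped frame length is an assumption.

```python
import ipaddress
import struct

# First frame's bytes, copied from the tcpdump -x sample output above.
HEXDUMP = """
0005 85c8 f6d1 0005 85c4 e3d1 0800 4500
0054 816d 0000 4001 da38 0e01 0101 0f01
0101 0800 3c5a 981e 0000 8b5d 4543 51e6
0100 aaaa aaaa aaaa aaaa aaaa aaaa aaaa
aaaa aaaa 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000
"""

def checksum_ok(data: bytes) -> bool:
    """RFC 1071: summing a region that includes its own checksum gives 0xffff."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def decode_frame(hexdump: str) -> dict:
    """Decode an Ethernet/IPv4 frame from tcpdump -x hex words."""
    frame = bytes.fromhex("".join(hexdump.split()))
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != 0x0800:
        raise ValueError(f"not IPv4: ethertype {ethertype:#06x}")
    ihl = (frame[14] & 0x0F) * 4
    ip = frame[14:14 + ihl]
    total_len, ident = struct.unpack("!HH", ip[2:6])
    complete = len(frame) >= 14 + total_len  # False if the capture truncated the packet
    payload = frame[14 + ihl:14 + total_len]
    return {
        "frame_len": len(frame), "ip_len": total_len, "id": ident,
        "ttl": ip[8], "proto": ip[9],
        "src": str(ipaddress.IPv4Address(ip[12:16])),
        "dst": str(ipaddress.IPv4Address(ip[16:20])),
        "ip_checksum_ok": checksum_ok(ip),
        # A payload checksum can only be verified when the whole packet was captured.
        "icmp_checksum_ok": checksum_ok(payload) if complete and ip[9] == 1 else None,
    }

def is_intended(pkt: dict, dst_prefix: str, max_capture: int) -> bool:
    """Check a decoded packet against an expected destination prefix and size limit."""
    in_prefix = ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(dst_prefix)
    # Assumption: the size limit is compared with the dumped frame length.
    return in_prefix and pkt["frame_len"] <= max_capture and pkt["ip_checksum_ok"]

if __name__ == "__main__":
    print(decode_frame(HEXDUMP))
```

A frame cut short by the capture size limit still decodes, but its icmp_checksum_ok field is None because the payload checksum cannot be recomputed from a partial packet.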