Troubleshoot Packet Capture
About Packet Capture Page
You are here: Device Administration > Tools > Packet Capture.
You can quickly capture and analyze router control traffic on a device.
The packet capture diagnostic tool allows inspection of control traffic (not transient traffic). The summary of each decoded packet is displayed as it is captured. Captured packets are written to a PCAP file which can be downloaded.
Starting in Junos OS Release 19.3R1, J-Web supports RE3 line cards for the SRX5000 line of devices.
To use J-Web packet capture:

1. Enter the information specified in Table 1 to troubleshoot the issue.
2. Save the captured packets to a file or specify other advanced options by clicking the expand icon next to Advanced options.
3. Click Start.
   The captured packet headers are decoded and displayed in the Packet Capture display as specified in Table 2.
4. Click one:
   - Stop Capturing—Stops capturing the packets and stays on the same page while the decoded packet headers are being displayed.
   - OK—Stops capturing packets and returns to the Packet Capture page.
Field | Description |
---|---|
Interface | Specifies the interface on which the packets are captured. From the list, select an interface—for example, ge-0/0/0. If you select default, packets on the Ethernet management port 0 are captured. |
Detail level | Specifies the extent of details to be displayed for the packet headers. From the list, select Detail. |
Packets | Specifies the number of packets to be captured. Values range from 1 to 1000. Default is 10. Packet capture stops capturing packets after this number is reached. From the list, select the number of packets to be captured—for example, 10. |
Addresses | Specifies the addresses to be matched for capturing the packets using a combination of the following parameters: You can add multiple entries to refine the match criteria for addresses. Select address-matching criteria. For example: |
Protocols | Matches the protocol for which packets are captured. You can choose to capture TCP, UDP, or ICMP packets or a combination of TCP, UDP, and ICMP packets. From the list, select a protocol—for example: |
Ports | Matches the packet headers containing the specified source or destination TCP or UDP port number or port name. Select a direction and a port. For example: |
Advanced Options | |
Absolute TCP Sequence | Displays the absolute TCP sequence numbers for the packet headers. |
Layer 2 Headers | Displays the link-layer packet headers. |
Non-Promiscuous | Does not place the interface in promiscuous mode so that the interface reads only packets addressed to it. In promiscuous mode, the interface reads every packet that reaches it. |
Display Hex | Displays packet headers, except link-layer headers, in hexadecimal format. |
Display ASCII and Hex | Displays packet headers in hexadecimal and ASCII formats. |
Header Expression | Specifies the match condition for the packets to be captured. The match conditions you specify for Addresses, Protocols, and Ports are displayed in expression format in this field. Enter match conditions directly in this field in expression format or modify the expression composed from the match conditions you specified for Addresses, Protocols, and Ports. If you change the match conditions specified for Addresses, Protocols, and Ports again, packet capture overwrites your changes with the new match conditions. |
Packet Size | Specifies the number of bytes to be displayed for each packet. If a packet header exceeds this size, the display is truncated for the packet header. The default value is 96 bytes. Type the number of bytes you want to capture for each packet header—for example, 256. |
Don't Resolve Addresses | Specifies that IP addresses are not to be resolved into hostnames in the packet headers displayed. |
No Timestamp | Suppresses the display of packet header timestamps. |
Write Packet Capture File | Writes the captured packets to a file in PCAP format in /var/tmp. The files are named with the prefix jweb-pcap and the extension .pcap. If you select this option, the decoded packet headers are not displayed on the packet capture page. |
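
When a capture is written with Write Packet Capture File, the Packet Size limit decides how much of each packet survives in the downloaded file. The following is an added example, not part of the Juniper documentation: it reads a classic libpcap file and flags every record whose captured length is shorter than its on-wire length. It assumes the J-Web file uses the classic pcap layout and that the Packet Size value appears as the file's snaplen; the function names and the sample bytes are constructed for illustration.

```python
import struct

# Classic pcap magic numbers mapped to the struct byte-order prefix.
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",   # microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",   # nanosecond timestamps
}

def summarize_pcap(data: bytes) -> dict:
    """Return snaplen, link type and per-packet truncation info for a classic pcap."""
    if len(data) < 24 or data[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic pcap file")
    endian = PCAP_MAGICS[data[:4]]
    # Global header after the magic: version major/minor, thiszone, sigfigs, snaplen, linktype.
    _, _, _, _, snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    packets, offset = [], 24
    while offset < len(data):
        if offset + 16 > len(data):
            raise ValueError(f"incomplete record header at offset {offset}")
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        if offset + incl_len > len(data):
            raise ValueError(f"record at offset {offset - 16} runs past end of file")
        packets.append({
            "ts_sec": ts_sec, "ts_frac": ts_frac,
            "captured": incl_len, "on_wire": orig_len,
            "truncated": incl_len < orig_len,   # payload cut off at snaplen
        })
        offset += incl_len
    return {"snaplen": snaplen, "linktype": linktype, "packets": packets}

def build_sample() -> bytes:
    """Constructed capture: snaplen 96, one 60-byte and one 1514-byte packet."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 96, 1)
    for ts_usec, wire_len in ((823971, 60), (824500, 1514)):
        captured = min(wire_len, 96)
        out += struct.pack("<IIII", 2740, ts_usec, captured, wire_len) + bytes(captured)
    return out

if __name__ == "__main__":
    summary = summarize_pcap(build_sample())
    print("snaplen:", summary["snaplen"], "linktype:", summary["linktype"])
    for i, pkt in enumerate(summary["packets"], 1):
        note = "TRUNCATED" if pkt["truncated"] else "complete"
        print(f"packet {i}: {pkt['captured']}/{pkt['on_wire']} bytes {note}")
```

Records flagged as truncated contain headers but not the full payload, so raise Packet Size before capturing if payload bytes are needed for the analysis.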
Field | Function |
---|---|
timestamp | Displays the time when the packet was captured. The timestamp 00:45:40.823971 means 00 hours (12.00 a.m.), 45 minutes, and 40.823971 seconds. Note: The time displayed is local time. |
direction | Displays the direction of the packet. Specifies whether the packet originated from the Routing Engine (Out) or was destined for the Routing Engine (In). |
protocol | Displays the protocol for the packet. In the sample output, IP indicates the Layer 3 protocol. |
source address | Displays the hostname, if available, or IP address and the port number of the packet's origin. If the Don't Resolve Addresses check box is selected, only the IP address of the source is displayed. Note: When a string is defined for the port, the packet capture output displays the string instead of the port number. |
destination address | Displays the hostname, if available, or IP address of the packet's destination with the port number. If the Don't Resolve Addresses check box is selected, only the IP address of the destination and the port are displayed. Note: When a string is defined for the port, the packet capture output displays the string instead of the port number. |
protocol | Displays the protocol for the packet. In the sample output, TCP indicates the Layer 4 protocol. |
data size | Displays the size of the packet (in bytes). |