Dynamic and Manual Packet Captures
The dynamic and manual packet captures help you investigate communication failures on WAN Edge devices.
Mist does not collect or store any payload data from packets capture. Only transmission and connection data are used.
Dynamic Packet Captures
Which Events Trigger Dynamic Packet Captures?
Whenever a connection failure occurs between the WAN Edge devices, it automatically triggers a short-term dynamic packet capture.
These events include:
-
ARP failure to next-hop—The WAN Edge device fails to resolve the MAC address of the next hop or destination on a WAN links.
-
DHCP resolution failure—The WAN Edge device fails to obtain an IP address from the DHCP server on a WAN link.
-
BGP peering failure—A BGP session on the WAN Edge device transitions from established state and fails to maintain the peer session.
-
Overlay path failure—An overlay path between two WAN Edge devices is impacted.
Finding the Packet Captures
Dynamic packet captures are saved to the cloud. You can download these files from the Insights page.
Video Demo
Anyone who's ever looked at WAN PCAPs know how maddening that can be. Literally everyone at the branch accessing the internet is sending traffic on the WAN. Looking at any particular message sequence will most likely involve combining several PCAPs.
This can be time-consuming and frustrating. However, with Juniper Dynamic Packet Capture, now extended to the WAN, MIST automatically captures all the messages when an incident occurs. You no longer need to grab a bunch of PCAPs to combine them and hope you caught what you were looking for, and there's no need to recreate the issue.
Juniper MIST captures the packets while the issue is occurring, so you have the raw data right away. This drastically reduces MTTR as you no longer need to sort through a mountain of messages to find the ones related to your incident. That's WAN Assurance Dynamic PCAP in 60 seconds.
Example
This example shows how easily you can find dynamic packet captures on the Insights page.
From the left menu, select Monitor > Service Levels.
Click the Insights button to view the Insights page.
Scroll down to the Events section and click the applicable tab.
Paperclip icons indicate the events with dynamic packet captures.
Click an event to see more details on the right side of the screen.
Below the details, click Download Packet Capture.
Manual Packet Captures
For manual packet captures, go to Site > WAN Edge Packet Captures, where you can:
-
Choose the network type to capture packets.
-
Restrict the packet capture to WAN Edge device.
-
Configure the number of packets captured, packet size in bytes, and the duration of the capture session.
-
Configure other capture parameters such as header inclusion and capture filters. See Table 1 for details.
After downloading the packet capture to your computer, use Wireshark view the data.
Manual Packet Capture Options
| Option Name | Option Function | Usage Notes | Firmware Notes |
|---|---|---|---|
| Capture | This feature includes packet headers with the packet data. | Packet capture works by buffering packets locally on the device, which has limited space available. By default, Mist truncates header data from the captured packets to reduce the size of capture files while still providing the most relevant information. | – |
| Canned Filters | These filters are based on the type of packet capture that you're performing. | The filters available in the list change depending on whether you're capturing wireless, wired, WAN, or Mist Edge packets. | – |
| Advanced Filters | Use this option to apply your own filters by using
tcpdump syntax. |
- | – |
| Expression Builder | This interactive tool builds custom filters in
tcpdump syntax for use in the capture
session. |
You can let the builder start the filter entry and then add to or delete from the entry manually. | – |