{"id":640,"date":"2012-02-06T20:26:51","date_gmt":"2012-02-06T20:26:51","guid":{"rendered":"https:\/\/fir3netwp.gmsrrpobkbd.com\/2012\/02\/06\/running-a-packet-capture-on-a-juniper-srx\/"},"modified":"2021-07-24T18:20:02","modified_gmt":"2021-07-24T18:20:02","slug":"running-a-packet-capture-on-a-juniper-srx","status":"publish","type":"post","link":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/running-a-packet-capture-on-a-juniper-srx.html","title":{"rendered":"Running a packet capture on a Juniper SRX"},"content":{"rendered":"<p>Within this article we show you the required steps for obtaining a packet capture on your SRX series firewall.<\/p>\n<p><strong><em>Note<\/em> :<\/strong> Great care should be taken when applying captures to ensure that only the traffic that you want to capture is defined within the firewall filter. This is to prevent any unnecessary load being placed onto the resources of your firewall.<\/p>\n<h3><strong>Configure<\/strong><\/h3>\n<p class=\"codemulti\">set forwarding-options packet-capture file filename pcap files 10 size 10000<br \/>set forwarding-options packet-capture maximum-capture-size 1500<\/p>\n<p>set interfaces fe-0\/0\/0 unit 0 family inet filter input PCAP<br \/>set interfaces fe-0\/0\/0 unit 0 family inet filter output PCAP<\/p>\n<p><span>set firewall filter PCAP term FF1 from source-address 172.16.1.0\/24<\/span><br \/><span><code>set firewall filter PCAP term FF1 from destination-address 10.1.1.100\/32<\/code><\/span><br \/><span>set firewall filter PCAP term FF1 then sample<\/span><br \/><span>set firewall filter PCAP term FF1 then accept<\/span><br \/><span>set firewall filter PCAP term FF2 from source-address 10.1.1.110\/32<\/span><br \/><span>set firewall filter PCAP term FF2 from destination-address 172.16.1.0\/24<\/span><br \/><span>set firewall filter PCAP term FF2 then sample<\/span><br \/><span>set firewall filter PCAP term FF2 then accept<\/span><br \/><span>set firewall filter PCAP term allow-all-else then accept<\/span><\/p>\n<h3><strong>Display Capture<\/strong><\/h3>\n<p class=\"codemulti\">root@srx100&gt; start shell<br \/>root@srx100% cd \/var\/tmp\/<br \/>root@srx100% tcpdump -r pcap.fe-0.0.0<br \/>Reverse lookup for 172.16.1.11 failed (check DNS reachability).<br \/>Other reverse lookup failures will not be reported.<br \/>Use &lt;no-resolve&gt; to avoid reverse lookups on IP addresses.<\/p>\n<p>20:21:21.342058&nbsp; In IP 172.16.1.11.9058 &gt; 172.16.1.1.ssh: P 987275121:987275173(52) ack 1326283353 win 4109<br \/>20:21:22.252458 Out IP 172.16.1.1.ssh &gt; 172.16.1.11.9058: P 1:53(52) ack 52 win 32900<br \/>20:21:22.252721&nbsp; In IP 172.16.1.11 &gt; vnsc-bak.sys.gtei.net: ICMP echo request, id 1, seq 1095, length 40<br \/>20:21:22.252853 Out IP vnsc-bak.sys.gtei.net &gt; 172.16.1.11: ICMP echo reply, id 1, seq 1095, length 40<\/p>\n<h3><strong>Remove<\/strong><\/h3>\n<p class=\"codemulti\">root@srx100# delete interfaces fe-0\/0\/0 unit 0 family inet filter input PCAP<br \/>root@srx100# delete interfaces fe-0\/0\/0 unit 0 family inet filter output PCAP<br \/>root@srx100# delete firewall filter PCAP<br \/>root@srx100# delete forwarding-options packet-capture<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Within this article we show you the required steps for obtaining a packet capture on your SRX series firewall. Note : Great care should be taken when applying captures to ensure that only the traffic that you want to capture is defined within the firewall filter. This is to prevent any unnecessary load being placed &#8230; <a title=\"Running a packet capture on a Juniper SRX\" class=\"read-more\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/running-a-packet-capture-on-a-juniper-srx.html\" aria-label=\"Read more about Running a packet capture on a Juniper SRX\">Read more<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Running a packet capture on a Juniper SRX - Fir3net<\/title>\n<meta name=\"description\" content=\"Within this article we show you the required steps for obtaining a packet capture on your SRX series firewall. Note : Great care should be taken when\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/running-a-packet-capture-on-a-juniper-srx.html\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Running a packet capture on a Juniper SRX - Fir3net\" \/>\n<meta property=\"og:description\" content=\"Within this article we show you the required steps for obtaining a packet capture on your SRX series firewall. Note : Great care should be taken when\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/running-a-packet-capture-on-a-juniper-srx.html\" \/>\n<meta property=\"og:site_name\" content=\"Fir3net\" \/>\n<meta property=\"article:published_time\" content=\"2012-02-06T20:26:51+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-07-24T18:20:02+00:00\" \/>\n<meta name=\"author\" content=\"Rick Donato\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Rick Donato\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/running-a-packet-capture-on-a-juniper-srx.html#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/running-a-packet-capture-on-a-juniper-srx.html\"},\"author\":{\"name\":\"Rick Donato\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037\"},\"headline\":\"Running a packet capture on a Juniper SRX\",\"datePublished\":\"2012-02-06T20:26:51+00:00\",\"dateModified\":\"2021-07-24T18:20:02+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/running-a-packet-capture-on-a-juniper-srx.html\"},\"wordCount\":278,\"publisher\":{\"@id\":\"https:\/\/www.fir3net.com\/#organization\"},\"articleSection\":[\"Juniper Firewalls\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/running-a-packet-capture-on-a-juniper-srx.html\",\"url\":\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/running-a-packet-capture-on-a-juniper-srx.html\",\"name\":\"Running a packet capture on a Juniper SRX - Fir3net\",\"isPartOf\":{\"@id\":\"https:\/\/www.fir3net.com\/#website\"},\"datePublished\":\"2012-02-06T20:26:51+00:00\",\"dateModified\":\"2021-07-24T18:20:02+00:00\",\"description\":\"Within this article we show you the required steps for obtaining a packet capture on your SRX series firewall. Note : Great care should be taken when\",\"breadcrumb\":{\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/running-a-packet-capture-on-a-juniper-srx.html#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/running-a-packet-capture-on-a-juniper-srx.html\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/running-a-packet-capture-on-a-juniper-srx.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.fir3net.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"https:\/\/www.fir3net.com\/security\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Firewalls\",\"item\":\"https:\/\/www.fir3net.com\/security\/firewalls\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Juniper Firewalls\",\"item\":\"https:\/\/www.fir3net.com\/security\/firewalls\/juniper\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"Running a packet capture on a Juniper SRX\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.fir3net.com\/#website\",\"url\":\"https:\/\/www.fir3net.com\/\",\"name\":\"Fir3net\",\"description\":\"Keeping you in the know\",\"publisher\":{\"@id\":\"https:\/\/www.fir3net.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.fir3net.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.fir3net.com\/#organization\",\"name\":\"Fir3net\",\"url\":\"https:\/\/www.fir3net.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png\",\"contentUrl\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png\",\"width\":390,\"height\":88,\"caption\":\"Fir3net\"},\"image\":{\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037\",\"name\":\"Rick Donato\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g\",\"caption\":\"Rick Donato\"},\"description\":\"Rick Donato is a Network Automation Architect\/Evangelist and the founder of Packet Coders.\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Running a packet capture on a Juniper SRX - Fir3net","description":"Within this article we show you the required steps for obtaining a packet capture on your SRX series firewall. Note : Great care should be taken when","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/running-a-packet-capture-on-a-juniper-srx.html","og_locale":"en_US","og_type":"article","og_title":"Running a packet capture on a Juniper SRX - Fir3net","og_description":"Within this article we show you the required steps for obtaining a packet capture on your SRX series firewall. Note : Great care should be taken when","og_url":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/running-a-packet-capture-on-a-juniper-srx.html","og_site_name":"Fir3net","article_published_time":"2012-02-06T20:26:51+00:00","article_modified_time":"2021-07-24T18:20:02+00:00","author":"Rick Donato","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Rick Donato","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/running-a-packet-capture-on-a-juniper-srx.html#article","isPartOf":{"@id":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/running-a-packet-capture-on-a-juniper-srx.html"},"author":{"name":"Rick Donato","@id":"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037"},"headline":"Running a packet capture on a Juniper SRX","datePublished":"2012-02-06T20:26:51+00:00","dateModified":"2021-07-24T18:20:02+00:00","mainEntityOfPage":{"@id":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/running-a-packet-capture-on-a-juniper-srx.html"},"wordCount":278,"publisher":{"@id":"https:\/\/www.fir3net.com\/#organization"},"articleSection":["Juniper Firewalls"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/running-a-packet-capture-on-a-juniper-srx.html","url":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/running-a-packet-capture-on-a-juniper-srx.html","name":"Running a packet capture on a Juniper SRX - Fir3net","isPartOf":{"@id":"https:\/\/www.fir3net.com\/#website"},"datePublished":"2012-02-06T20:26:51+00:00","dateModified":"2021-07-24T18:20:02+00:00","description":"Within this article we show you the required steps for obtaining a packet capture on your SRX series firewall. Note : Great care should be taken when","breadcrumb":{"@id":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/running-a-packet-capture-on-a-juniper-srx.html#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.fir3net.com\/Firewalls\/Juniper\/running-a-packet-capture-on-a-juniper-srx.html"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/running-a-packet-capture-on-a-juniper-srx.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.fir3net.com\/"},{"@type":"ListItem","position":2,"name":"Security","item":"https:\/\/www.fir3net.com\/security"},{"@type":"ListItem","position":3,"name":"Firewalls","item":"https:\/\/www.fir3net.com\/security\/firewalls"},{"@type":"ListItem","position":4,"name":"Juniper Firewalls","item":"https:\/\/www.fir3net.com\/security\/firewalls\/juniper"},{"@type":"ListItem","position":5,"name":"Running a packet capture on a Juniper SRX"}]},{"@type":"WebSite","@id":"https:\/\/www.fir3net.com\/#website","url":"https:\/\/www.fir3net.com\/","name":"Fir3net","description":"Keeping you in the know","publisher":{"@id":"https:\/\/www.fir3net.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.fir3net.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.fir3net.com\/#organization","name":"Fir3net","url":"https:\/\/www.fir3net.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png","contentUrl":"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png","width":390,"height":88,"caption":"Fir3net"},"image":{"@id":"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037","name":"Rick Donato","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.fir3net.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g","caption":"Rick Donato"},"description":"Rick Donato is a Network Automation Architect\/Evangelist and the founder of Packet Coders."}]}},"_links":{"self":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts\/640"}],"collection":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/comments?post=640"}],"version-history":[{"count":0,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts\/640\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/media?parent=640"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/categories?post=640"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/tags?post=640"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}