
Wednesday 27 February 2019

How to do packet capture in Juniper SRX? / How to use traceoptions in SRX?


I have always been an ASA guy. When I first started working on SRX, I started comparing what I could do on ASA and how I could do that on SRX.

On ASA you can do a packet capture very simply:

capture capin interface inside match ip host 1.1.1.1 host 2.2.2.2

That's all.

On SRX it is similar, but it takes a few more commands and a commit. The good part is that the capability is there. Two things to keep in mind before we start: first, what Junos calls flow traceoptions is a text trace of how the flow daemon handled each matching packet (session lookup, policy match, NAT, the reason a packet was dropped), not a pcap file; for most policy and NAT troubleshooting that is actually more useful than a raw capture. Second, tracing costs CPU on the data plane, so always scope it with a packet filter and remove it when you are done. So let's see how to do it.

Let's say I want to capture traffic between two IPs. Source: 192.168.1.5 Destination: 8.8.8.8

Go to configuration mode:

>configure

Let's set a name for the capture:
set security flow traceoptions file capin

Set the size of the capture file:

set security flow traceoptions file size 2m

Turn on the basic data-path flag, which records how the flow module processes each packet that matches the filters below:

set security flow traceoptions flag basic-datapath

Tell who the source is:

set security flow traceoptions packet-filter p1 source-prefix 192.168.1.5

Tell who the destination is:

set security flow traceoptions packet-filter p1 destination-prefix 8.8.8.8

If you are also interested in the return traffic, create a second packet filter with a different name and the source and destination swapped. Without it the trace shows only the client-to-server direction.

So for the return traffic, who the source is:
set security flow traceoptions packet-filter p2 source-prefix 8.8.8.8

For the return traffic, who the destination is:
set security flow traceoptions packet-filter p2 destination-prefix 192.168.1.5



On SRX nothing you have typed takes effect until you commit the candidate configuration.

First check what you are about to commit (commit is the Junos term for saving the candidate configuration to the running one):

show | compare

This shows the difference between the candidate and the running configuration, i.e. exactly what the commit will apply.

Then check that the candidate configuration passes validation:

commit check


Once everything is good, go ahead and commit:
commit

Now ask the user to initiate traffic. To read the trace use:

run show log capin (you are still in configuration mode, so operational commands need the run prefix)
From operational mode it is just: show log capin

You can also clear the trace file whenever you need to. In fact it is a good idea to clear it a couple of times before you actually start the test, so old entries do not get mixed up with the traffic you are looking for.


So the first thing I do after applying a traceoption/capture is clear it with this command:
run clear log capin

Enter this command 3-4 times and then ask the user to initiate the traffic.


Once you are done with the trace, remove the traceoptions hierarchy and then commit again (the delete does nothing until it is committed, and until then the SRX keeps tracing every matching packet):
delete security flow traceoptions


If you need to see whether any trace is already configured (on ASA you would use show capture, which lists the captures that are applied), the SRX equivalent in configuration mode is:
show security flow traceoptions | display set
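Here is the whole procedure end to end as one Junos CLI session. This is an added example and not a transcript from the original post: the prompt, host name and the interleaved output are illustrative (the real trace lines are much more verbose), the addresses are the ones used above, and the protocol and port qualifiers on the packet filters are an addition that narrows the trace to DNS so the data plane is not tracing every packet between the two hosts.

```junos
user@srx> configure
Entering configuration mode

[edit]
# Trace file name, size and rotation (files keeps 3 rotated copies of 2 MB each)
user@srx# set security flow traceoptions file capin size 2m files 3
# Record the flow module's handling of every packet that matches a filter
user@srx# set security flow traceoptions flag basic-datapath

# p1: client -> DNS server, narrowed to UDP/53 (protocol 17)
user@srx# set security flow traceoptions packet-filter p1 source-prefix 192.168.1.5/32
user@srx# set security flow traceoptions packet-filter p1 destination-prefix 8.8.8.8/32
user@srx# set security flow traceoptions packet-filter p1 protocol 17
user@srx# set security flow traceoptions packet-filter p1 destination-port 53

# p2: the return direction, source and destination swapped
user@srx# set security flow traceoptions packet-filter p2 source-prefix 8.8.8.8/32
user@srx# set security flow traceoptions packet-filter p2 destination-prefix 192.168.1.5/32
user@srx# set security flow traceoptions packet-filter p2 protocol 17
user@srx# set security flow traceoptions packet-filter p2 source-port 53

# Review, validate, then commit
user@srx# show | compare
[edit security]
+   flow {
+       traceoptions {
+           file capin size 2m files 3;
+           flag basic-datapath;
+           packet-filter p1 {
+               source-prefix 192.168.1.5/32;
+               destination-prefix 8.8.8.8/32;
+               protocol 17;
+               destination-port 53;
+           }
+           packet-filter p2 {
+               source-prefix 8.8.8.8/32;
+               destination-prefix 192.168.1.5/32;
+               protocol 17;
+               source-port 53;
+           }
+       }
+   }

user@srx# commit check
configuration check succeeds

user@srx# commit
commit complete

# Empty the trace file, then have the user send the traffic
user@srx# run clear log capin

# Read the trace; filtering on the verdict lines is the quickest way to find the answer
user@srx# run show log capin | match "matched filter|permitted|denied|dropped"

# Clean up: the delete only takes effect once committed
user@srx# delete security flow traceoptions
user@srx# commit
commit complete

# Confirm nothing is left behind (prints nothing once the hierarchy is gone)
user@srx# show security flow traceoptions | display set
```

The protocol and port filters are what make this safe to run on a busy firewall: a filter that matches only on two addresses is fine for a lab, but on a production SRX every matching packet is written to the trace file, and a broad filter with flag all can noticeably load the Routing Engine. Keep basic-datapath, keep the filters tight, and always finish with the delete and commit.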
