[j-nsp] Capturing/displaying contents of incoming packets

Saku Ytti saku at ytti.fi
Thu Apr 12 19:02:57 EDT 2012


On (2012-04-12 23:23 +0100), Tom Storey wrote:

> I'm wondering if there is some way to output the details like a TCP
> dump, or capture to a pcap file which can be read by Wireshark et al?
> The latter seems possible on certain models, but not the gear in
> question here, an MX960 with DPCEs.

Set up a GRE tunnel towards your *nix box (no need to config tunnel in *nix) and
mirror packets to the tunnel.

Something to this effect:
interfaces {
  gr-1/0/0 {
    unit 1 {
      tunnel {
        source your_loopback;
        destination your_nix_pc;
      }
      family inet {
        address 127.0.0.42/31;
      }
      family inet6 {
        address fe80::42/127;
      }
    }
  }
}
forwarding-options {
  port-mirroring {
    input {
      rate 1;
    }
    family inet {
      output {
        interface gr-1/0/0.1;
      }
    }
    family inet6 {
      output {
        interface gr-1/0/0.1;
      }
    }
  }
}

Then in firewall config 'then port-mirror;' for whatever you want to mirror.

I suggest using tshark in your NIX box, rather than tcpdump, as you can see
the actual useful packet, not just the top GRE. And you can use display filter
matches to capture only interesting packets.

-- 
  ++ytti
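
The decapsulation step behind the tshark suggestion above, as an added example that is not part of the original post: each mirrored packet reaches the *nix box wrapped in IPv4 + GRE (IP protocol 47), so matching on the real traffic means stripping that wrapper first. The function names are hypothetical, and the addresses and sample packets are constructed for illustration.

```python
import ipaddress
import struct

def decap_gre(outer: bytes):
    """Strip outer IPv4 + GRE (RFC 2784/2890); return (ethertype, inner) or None."""
    if len(outer) < 24 or outer[0] >> 4 != 4 or outer[9] != 47:
        return None                       # not IPv4 carrying GRE (IP protocol 47)
    ihl = (outer[0] & 0x0F) * 4           # outer header length, IP options included
    if ihl < 20 or len(outer) < ihl + 4:
        return None
    flags, ethertype = struct.unpack_from("!HH", outer, ihl)
    if flags & 0x0007:                    # only GRE version 0 is handled
        return None
    off = ihl + 4
    for bit in (0x8000, 0x2000, 0x1000):  # checksum, key, sequence: 4 bytes each
        if flags & bit:
            off += 4
    return (ethertype, outer[off:]) if len(outer) > off else None

def mirrored_flow(outer: bytes):
    """Return (src, dst, protocol) of the mirrored packet inside the GRE wrapper."""
    res = decap_gre(outer)
    if res is None:
        return None
    ethertype, inner = res
    if ethertype == 0x0800 and len(inner) >= 20:      # inner IPv4
        src, dst, proto = inner[12:16], inner[16:20], inner[9]
    elif ethertype == 0x86DD and len(inner) >= 40:    # inner IPv6
        src, dst, proto = inner[8:24], inner[24:40], inner[6]
    else:
        return None
    return str(ipaddress.ip_address(src)), str(ipaddress.ip_address(dst)), proto

def _ipv4(src, dst, proto, payload):
    """Build a constructed IPv4 packet (checksum left at 0; it is not verified here)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + payload

# Constructed sample: a mirrored TCP packet wrapped by the router in plain GRE,
# and the same packet with the optional GRE key field present.
INNER = _ipv4("198.51.100.7", "203.0.113.9", 6, bytes(20))
PLAIN = _ipv4("192.0.2.1", "192.0.2.10", 47, struct.pack("!HH", 0, 0x0800) + INNER)
KEYED = _ipv4("192.0.2.1", "192.0.2.10", 47, struct.pack("!HHI", 0x2000, 0x0800, 42) + INNER)

if __name__ == "__main__":
    for pkt in (PLAIN, KEYED):
        print(mirrored_flow(pkt))
```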

