[j-nsp] SRX210 + AppTrack. How to analyse?

MALLETT, Leo (Leo) leo.mallett at alcatel-lucent.com
Mon Aug 12 02:18:56 EDT 2013

Hi Skeeve,
There are a few ways to do it.
1. You could log in to the shell as root and tcpdump the interface to a capture file; this won't be "live" but you can roll files over.

2. You could also monitor the traffic for live visibility "monitor interface <X.y> extensive no-resolve size <mtu>" without quotations, and set <> enclosed to match your configuration. I believe SRX210H has 1GB flash so the latter may be better.

3. Alternately, set the forwarding options to capture the file (if platform supports it).

4. Mirror the port to a host and capture with Wireshark.

Leo Mallett

-----Original Message-----
From: juniper-nsp [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Skeeve Stevens
Sent: Monday, August 12, 2013 3:12 PM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] SRX210 + AppTrack. How to analyse?

Hey all,

I have a customer in a bandwidth sensitive location (expensive and slow), and they would like to know what is going through their device, and who is doing it.

In Cisco terms, this was NBAR - we used it many times to track down bandwidth hogs.

This is a small branch site using an SRX210H, and obviously STRM is too expensive for a reporting engine.

So what I am looking for is... How can we look at their device, and see what is happening (preferably live) on a protocol and user (IP?) basis.

I understand it can export to syslog, but that just gives me lots of text to deal with... nothing that is easy to look at.

Thank you for helping out, guys!


Skeeve Stevens - eintellego Networks Pty Ltd skeeve at eintellegonetworks.com ; www.eintellegonetworks.com

Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve

facebook.com/eintellegonetworks ; linkedin.com/in/skeeve

twitter.com/networkceoau ; blog: www.network-ceo.net

The Experts Who The Experts Call
Juniper - Cisco - Cloud
juniper-nsp mailing list juniper-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
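
For the capture-file options in the reply above (tcpdump on the box, or a mirrored port captured on a host), the following added example, which is not part of either message, totals bytes per source, destination, protocol and service port. It assumes a classic microsecond pcap with Ethernet framing; the sample capture is constructed, and treating the lower port as the service port is a heuristic.

```python
import struct
from collections import Counter
PROTO = {1: "icmp", 6: "tcp", 17: "udp"}
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # byte order by file magic

def top_talkers(pcap: bytes):
    """Sum on-the-wire bytes per (src, dst, protocol, service port) in a classic pcap."""
    e = MAGIC.get(pcap[:4])
    if e is None:
        raise ValueError("not a classic microsecond pcap file")
    if struct.unpack(e + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    totals, off = Counter(), 24
    while off + 16 <= len(pcap):
        _sec, _usec, incl, orig = struct.unpack(e + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4, or cut off before the IP header ends
        ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        ports = frame[14 + ihl:14 + ihl + 4]
        service = None
        if proto in (6, 17) and len(ports) == 4:
            # Heuristic (assumption): the lower of the two ports is the service port.
            service = min(struct.unpack("!HH", ports))
        # Count orig (wire length), not incl, so a short snaplen does not skew totals.
        totals[(src, dst, PROTO.get(proto, str(proto)), service)] += orig
    return totals.most_common()

def sample_pcap(snaplen=96):
    """Constructed capture for the demo: four IPv4 frames, truncated to snaplen."""
    def rec(src, dst, proto, sport, dport, payload):
        l4 = struct.pack("!HH", sport, dport) + bytes(payload)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64,
                         proto, 0, bytes(src), bytes(dst))
        frame = bytes(12) + b"\x08\x00" + ip + l4
        kept = frame[:snaplen]
        return struct.pack("<IIII", 0, 0, len(kept), len(frame)) + kept
    lan, web = (192, 168, 1, 10), (203, 0, 113, 5)
    return (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
            + rec(lan, web, 6, 40000, 80, 100)
            + rec(web, lan, 6, 80, 40000, 1400) * 2
            + rec((192, 168, 1, 20), (198, 51, 100, 7), 17, 40001, 53, 30))

if __name__ == "__main__":
    for (src, dst, proto, port), nbytes in top_talkers(sample_pcap()):
        print(f"{nbytes:>8} bytes  {src} -> {dst}  {proto}/{port}")
```

Because totals use the original packet length, a capture taken with a small snaplen to save flash still reports accurate byte counts.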