[j-nsp] SRX210 + AppTrack. How to analyse?

MALLETT, Leo (Leo) leo.mallett at alcatel-lucent.com
Mon Aug 12 02:18:56 EDT 2013


Hi Skeeve,
There are a few ways to do it.
1. You could log in to the shell as root and tcpdump the interface to a capture file; this won't be "live" but you can roll files over.
http://www.fir3net.com/Juniper-SRX-Series-Gateway/running-a-packet-capture-on-a-juniper-srx.html

2. You could also monitor the traffic for live visibility: "monitor interface <X.y> extensive no-resolve size <mtu>" without quotations, and set the <>-enclosed values to match your configuration. I believe the SRX210H has 1GB flash, so the latter may be better.

3. Alternatively, set the forwarding options to capture the file (if the platform supports it).
http://kb.juniper.net/InfoCenter/index?page=content&id=KB11709

4. Mirror the port to a host and capture with Wireshark.
http://kb.juniper.net/InfoCenter/index?page=content&id=KB21833

Regards,
Leo Mallett

-----Original Message-----
From: juniper-nsp [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Skeeve Stevens
Sent: Monday, August 12, 2013 3:12 PM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] SRX210 + AppTrack. How to analyse?

Hey all,

I have a customer in a bandwidth-sensitive location (expensive and slow), and they would like to know what is going through their device, and who is doing it.

In Cisco terms, this was NBAR - we used it many times to track down bandwidth hogs.

This is a small branch site using an SRX210H, and obviously STRM is too expensive for a reporting engine.

So what I am looking for is... How can we look at their device, and see what is happening (preferably live) on a protocol and user (IP?) basis.

I understand it can export to syslog, but that just gives me lots of text to deal with... nothing that is easy to look at.

Thank you for helping out, guys!

...Skeeve
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
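
An added example, not part of either message in the thread: one way to turn the AppTrack syslog text mentioned in the original question into a ranking of bytes per source IP and application. The sample lines are constructed, and the message tag and field names (APPTRACK_SESSION_CLOSE, source-address, application, nested-application, bytes-from-client, bytes-from-server) are assumed to match the structured-data syslog format the SRX emits.

```python
import re
from collections import Counter

# Constructed sample lines (not from the thread). The tag and field names are
# assumed to match the SRX structured-data syslog format for AppTrack.
_P = "<14>1 2013-08-12T06:00:00Z srx210 RT_FLOW - "
SAMPLE_LOG = [
    _P + 'APPTRACK_SESSION_CLOSE [junos reason="TCP FIN" source-address="192.0.2.10" application="HTTP" nested-application="UNKNOWN" bytes-from-client="1200" bytes-from-server="480000"]',
    _P + 'APPTRACK_SESSION_CLOSE [junos reason="TCP FIN" source-address="192.0.2.11" application="HTTP" nested-application="YOUTUBE" bytes-from-client="3000" bytes-from-server="9000000"]',
    _P + 'APPTRACK_SESSION_CLOSE [junos reason="TCP RST" source-address="192.0.2.10" application="HTTP" nested-application="UNKNOWN" bytes-from-client="800" bytes-from-server="20000"]',
    _P + 'APPTRACK_SESSION_CLOSE [junos reason="idle Timeout" source-address="192.0.2.12" application="DNS" nested-application="UNKNOWN" bytes-from-client="90" bytes-from-server="210"]',
    _P + 'RT_FLOW_SESSION_CLOSE [junos source-address="192.0.2.13" bytes-from-client="1" bytes-from-server="1"]',
    _P + 'APPTRACK_SESSION_CLOSE [junos source-address="192.0.2.14" application="SSH" bytes-from-client="500" bytes-from-serv',
]

KV = re.compile(r'([\w-]+)="([^"]*)"')

def parse_close(line):
    """Return the key/value fields of an AppTrack session-close line, else None."""
    if "APPTRACK_SESSION_CLOSE" not in line:
        return None
    return dict(KV.findall(line))

def top_talkers(lines, n=5):
    """Sum bytes in both directions per (source IP, application), largest first."""
    totals = Counter()
    for line in lines:
        f = parse_close(line)
        if not f:
            continue
        try:
            nbytes = int(f["bytes-from-client"]) + int(f["bytes-from-server"])
            src = f["source-address"]
        except (KeyError, ValueError):
            continue  # truncated or malformed record: skip rather than guess
        app = f.get("application", "UNKNOWN")
        nested = f.get("nested-application", "UNKNOWN")
        if nested not in ("", "UNKNOWN"):
            app = f"{app}:{nested}"
        totals[(src, app)] += nbytes
    return totals.most_common(n)

if __name__ == "__main__":
    for (src, app), nbytes in top_talkers(SAMPLE_LOG):
        print(f"{src:<15} {app:<16} {nbytes:>10}")
```

Session-close records carry the final counters for a flow, so long-lived sessions only show up once they end.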