[j-nsp] SRX210 + AppTrack. How to analyse?

Mark Tees marktees at gmail.com
Mon Aug 12 02:29:23 EDT 2013


Skeeve,

If you don't want to packet capture or want to do this continuously you could
mirror to a port on a server and run http://www.ntop.org/ on that port.


On Mon, Aug 12, 2013 at 4:18 PM, MALLETT, Leo (Leo) <
leo.mallett at alcatel-lucent.com> wrote:

> Hi Skeeve,
> There are a few ways to do it.
> 1. You could log in to the shell as root and tcpdump the interface to a
> capture file; this won't be "live" but you can roll files over.
>
> http://www.fir3net.com/Juniper-SRX-Series-Gateway/running-a-packet-capture-on-a-juniper-srx.html
>
> 2. You could also monitor the traffic for live visibility "monitor
> interface <X.y> extensive no-resolve size <mtu>" without quotations, and
> set <> enclosed to match your configuration. I believe SRX210H have 1GB
> flash so the latter may be better.
>
> 3. Alternately, set the forwarding options to capture the file (if platform
> supports it)
> http://kb.juniper.net/InfoCenter/index?page=content&id=KB11709
>
> 4. Mirror the port to a host and capture with wireshark.
> http://kb.juniper.net/InfoCenter/index?page=content&id=KB21833
>
> Regards,
> Leo Mallett
>
> -----Original Message-----
> From: juniper-nsp [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf
> Of Skeeve Stevens
> Sent: Monday, August 12, 2013 3:12 PM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] SRX210 + AppTrack. How to analyse?
>
> Hey all,
>
> I have a customer in a bandwidth sensitive location (expensive and slow),
> and they would like to know what is going through their device, and who is
> doing it.
>
> In Cisco terms, this was NBAR - we used it many times to track down
> bandwidth hogs.
>
> This is a small branch site using an SRX210H, and obviously STRM is too
> expensive for a reporting engine.
>
> So what I am looking for is... How can we look at their device, and see
> what is happening (preferably live) on a protocol and user (IP?) basis.
>
> I understand it can export to syslog, but that just gives me lots of text
> to deal with... nothing that is easy to look at.
>
> Thank you for helping out guys!
>
> ...Skeeve
>
> *Skeeve Stevens - *eintellego Networks Pty Ltd
> skeeve at eintellegonetworks.com ; www.eintellegonetworks.com
>
> Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve
>
> facebook.com/eintellegonetworks ;  <http://twitter.com/networkceoau>
> linkedin.com/in/skeeve
>
> twitter.com/networkceoau ; blog: www.network-ceo.net
>
>
> The Experts Who The Experts Call
> Juniper - Cisco - Cloud
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>



-- 
Regards,

Mark L. Tees
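
For the syslog route raised in the original question, a short script can reduce AppTrack session-close records to per-host, per-application byte totals. This is an added example, not code from the thread or from Juniper; the sample lines are constructed, and the field names (source-address, application, bytes-from-client, bytes-from-server) are assumed to match the structured-data syslog format.

```python
import re
from collections import Counter

# Constructed sample lines, not captured from a real device. Field names are an
# assumption about the key="value" structured-data syslog layout.
SAMPLE_LOG = """\
<14>1 2013-08-12T06:10:01Z srx210 RT_FLOW - APPTRACK_SESSION_CLOSE [junos@2636.1.1.1.2.36 reason="TCP FIN" source-address="192.0.2.10" destination-address="198.51.100.7" application="HTTP" bytes-from-client="1200" bytes-from-server="480000"]
<14>1 2013-08-12T06:10:09Z srx210 RT_FLOW - APPTRACK_SESSION_CLOSE [junos@2636.1.1.1.2.36 reason="TCP FIN" source-address="192.0.2.10" destination-address="198.51.100.9" application="HTTP" bytes-from-client="800" bytes-from-server="219200"]
<14>1 2013-08-12T06:10:11Z srx210 RT_FLOW - APPTRACK_SESSION_CLOSE [junos@2636.1.1.1.2.36 reason="idle Timeout" source-address="192.0.2.23" destination-address="203.0.113.53" application="DNS" bytes-from-client="90" bytes-from-server="210"]
<14>1 2013-08-12T06:10:12Z srx210 RT_FLOW - APPTRACK_SESSION_CREATE [junos@2636.1.1.1.2.36 source-address="192.0.2.23" destination-address="198.51.100.7" application="SSL"]
<14>1 2013-08-12T06:10:30Z srx210 RT_FLOW - APPTRACK_SESSION_CLOSE [junos@2636.1.1.1.2.36 reason="TCP RST" source-address="192.0.2.23" destination-address="198.51.100.7" application="SSL" bytes-from-client="5000" bytes-from-server="95000"]
<14>1 2013-08-12T06:10:31Z srx210 RT_FLOW - APPTRACK_SESSION_CLOSE [junos@2636.1.1.1.2.36 reason="TCP FIN" source-address="192.0.2.40" application="HTTP" bytes-from-client="10" bytes-from-server="n/a"]
"""

KEY_VALUE = re.compile(r'([\w-]+)="([^"]*)"')

def parse_close(line):
    """Return (source, application, total_bytes) for a close record, else None."""
    # Only close records carry the final byte counts; create records are skipped
    # so a session is counted once.
    if "APPTRACK_SESSION_CLOSE" not in line:
        return None
    fields = dict(KEY_VALUE.findall(line))
    try:
        total = int(fields["bytes-from-client"]) + int(fields["bytes-from-server"])
        return fields["source-address"], fields["application"], total
    except (KeyError, ValueError):
        return None  # truncated or malformed record

def top_talkers(lines, limit=10):
    """Sum bytes per (source address, application), largest first."""
    usage = Counter()
    for line in lines:
        record = parse_close(line)
        if record is not None:
            source, application, total = record
            usage[(source, application)] += total
    return usage.most_common(limit)

if __name__ == "__main__":
    for (source, application), total in top_talkers(SAMPLE_LOG.splitlines()):
        print(f"{source:<15} {application:<8} {total:>10} bytes")
```
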

