SRX

last person joined: 4 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  packet-capture file is missing in /var/tmp

    Posted 07-25-2014 05:01

    Hello!

     

    i have created packet-capture filter "packet-tracer".

     

    [edit forwarding-options]
root# show 
packet-capture {
    file filename packet-tracer size 1m world-readable;
}

     Why I have not found it in /var/tmp.

    (Also in /)

    [edit forwarding-options]
root# run file list /var/tmp | match packet-tracer    

[edit forwarding-options]
root# run file list / | match packet-tracer

     



  • 2.  RE: packet-capture file is missing in /var/tmp

    Posted 07-25-2014 05:04

    Hi ,

     

    You need to enable create firewall filter and apply on an interface to capture the packets.

     

    only then you will see the file getting created.

     

    http://kb.juniper.net/InfoCenter/index?page=content&id=KB11709

     

    Regards
    rparthi
     

    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too

     



  • 3.  RE: packet-capture file is missing in /var/tmp

    Posted 07-25-2014 05:06

    Hi ,

     

    there are 2 options:

     

    1. all packets needs to be captured.

     

    if you want to capture all the packets on the interface says ge-0/0/1 then you need to enable sampling on that interface;

     

    set interfaces ge-0/0/1 unit 0 family inet sampling input output.

     

    2. selective packet capture:

     

    You need to enable create firewall filter and apply on an interface to capture the packets.

     

    only then you will see the file getting created.

     

    http://kb.juniper.net/InfoCenter/index?page=content&id=KB11709

     

    Regards
    rparthi
     

    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too

     



  • 4.  RE: packet-capture file is missing in /var/tmp

    Posted 07-25-2014 05:25

    all also! file is missing/

     

    check,please my config 

    [edit]
root# show forwarding-options 
packet-capture {
    file filename packet-tracer size 1m world-readable;
}

[edit]
root# show interfaces fe-0/0/5 
unit 0 {
    family inet {
        filter {
            input PCAP;
            output PCAP;
        }
        sampling {
            input;
            output;
        }
        address 1.1.1.2/24;
    }
}

[edit]
root# show firewall 
filter PCAP {
    term 1 {
        from {
            source-address {
                10.10.10.250/32;
            }
            destination-address {
                7.7.7.1/32;
            }
        }
        then {
            sample;
            accept;
        }
    }
    term allow-all-else {
        then accept;
    }
}

[edit]
root#

     



  • 5.  RE: packet-capture file is missing in /var/tmp

    Posted 07-25-2014 05:28

    Hi ,

     

    Add maximum capture size 1500 on the forwarding options packet capture section.

     

    remove filter PCAP from that interface and test it.

     

    Hope inteface fe-0/0/5 is up

     

    Regards
    rparthi
     

    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too



  • 6.  RE: packet-capture file is missing in /var/tmp

    Posted 07-25-2014 05:34

    Hi ,

     

    Filename in /var/tmp/ will be fe-0/0/5-packet-tracer

    Check it through file list /var/tmp/?

     

     

    Regards
    rparthi
     

    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too

     



  • 7.  RE: packet-capture file is missing in /var/tmp

    Posted 07-25-2014 05:43

    Very srange. tried all.

    And nothing.

     

    (traffic pings well through SRX)

    Router#ping vrf vrf2 7.7.7.1 source 10.10.10.250

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 7.7.7.1, timeout is 2 seconds:
    Packet sent with a source address of 10.10.10.250
    !!!!!

     



  • 8.  RE: packet-capture file is missing in /var/tmp

    Posted 07-25-2014 05:44

    Hi vlazarev ,

     

    I just checked in the lab.

     

    Filename will be packet-tracer- interfacename

     

    check it using :

     

    user@host> file list /var/tmp/ | match packet-tracer* 

     

    Try disabling Filter PCAP and check again.

    user@host> file list /var/tmp/ | match packet-tracer* 

     

    Regards
    rparthi
     

    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too

     

     

     


  • 9.  RE: packet-capture file is missing in /var/tmp

    Posted 07-25-2014 05:48

    Also strange. I find it in /cf/var/tmp , though manual says /var/tmp ???

     

    [edit]
root# run file list /cf/var/tmp | match packet-tracer*  
packet-tracer.fe-0.0.5

     thanks for help !!!



  • 10.  RE: packet-capture file is missing in /var/tmp
    Best Answer

    Posted 07-25-2014 05:50

    Hi vlazarev ,

     

    Yes , it will be  /var/tmp/

     

    Please Mark this as accepted solution so that we can close this thread.

     

     

    Thanks and Regards


    rparthi