ScreenOS Firewalls (NOT SRX)
Visitor
davidodav
Posts: 8
Registered: ‎04-19-2011
0

How to open a file captured via snoop with Wireshark

Hello,

I recently captured traffic with snoop on an ns-5400 firewall with firmware version 6.3.0r11.0. Whenever I tried to open the file with Wireshark, it just came up with an error message "the file is damaged....". I even copied and pasted the output of "get db strea" into Notepad and saved it with an extension of .pcap. When I tried to open this .pcap file, there was still the same error message. Do you guys have any idea how I can open this snoop file using Wireshark or any network protocol analyzer?

Thanks,

CCIE-written (R&S), CCNP, CCNA, JNCIA-Junos, MCSE, HCNE, SCSA
Contributor
BSOD
Posts: 13
Registered: ‎01-13-2011
0

Re: How to open a file captured via snoop with Wireshark

Visitor
davidodav
Posts: 8
Registered: ‎04-19-2011
0

Re: How to open a file captured via snoop with Wireshark

It looks like we have the same issue... please let me know if you get the solution.

Thanks,

CCIE-written (R&S), CCNP, CCNA, JNCIA-Junos, MCSE, HCNE, SCSA
Contributor
BSOD
Posts: 13
Registered: ‎01-13-2011
0

Re: How to open a file captured via snoop with Wireshark

A Wireshark dev just fixed the code in SVN.  I don't feel compelled to do a win32 compile, so now we wait until it's included in the next release.

Visitor
davidodav
Posts: 8
Registered: ‎04-19-2011
0

Re: How to open a file captured via snoop with Wireshark

...but I have tried the older version of Wireshark and got the same error message.....

CCIE-written (R&S), CCNP, CCNA, JNCIA-Junos, MCSE, HCNE, SCSA
Contributor
William
Posts: 15
Registered: ‎10-16-2009
0

Re: How to open a file captured via snoop with Wireshark

SVN revision indicates it was an issue with the dash in the zone name. You might be able to edit the dash in the snoop output to a valid character.
Visitor
davidodav
Posts: 8
Registered: ‎04-19-2011
0

Re: How to open a file captured via snoop with Wireshark

Can you please explain what you mean by a valid character? With an example (if you can, though :) )

Thanks,

CCIE-written (R&S), CCNP, CCNA, JNCIA-Junos, MCSE, HCNE, SCSA
Contributor
William
Posts: 15
Registered: ‎10-16-2009
0

Re: How to open a file captured via snoop with Wireshark

Change every occurrence of v1-untrust to v1funtrust, for example. You would need to make this change for any zone with a dash in the name.
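
The workaround above as a script, added here as an example and not part of the original thread: it replaces dashes only in the name field of snoop packet-header lines, so the `->` arrows and hex dump stay intact. The header layout matched by `HEADER`, the helper name `fix_snoop_names` and the sample lines are assumptions, since the thread shows no capture text.

```python
import re
import sys

# Assumed header shape (not shown in the thread):
#   <timestamp>: <name>(i|o) len=<n>:<src mac>-><dst mac>/<ethertype>
HEADER = re.compile(r"^(\s*\d+\.\d+:\s+)(\S+?)(\([io]\)\s+len=)")

# Constructed sample, not taken from a real device.
SAMPLE = (
    "6843828.0: v1-untrust(i) len=98:00121ebbd132->00600868d659/0800\n"
    "              192.168.1.1 -> 192.168.1.10/6\n"
    "              00 60 08 68 d6 59 00 12 1e bb d1 32 08 00 45 00\n"
    "6843829.0: trust(o) len=98:00600868d659->00121ebbd132/0800\n"
)


def fix_snoop_names(text, replacement="f"):
    """Replace '-' in the name field of packet-header lines only.

    Returns (fixed_text, {original_name: new_name}). The '->' arrows in
    the MAC and IP lines and the hex dump are left untouched.
    """
    if not replacement or "-" in replacement:
        raise ValueError("replacement must be non-empty and contain no dash")
    renamed = {}
    out = []
    for line in text.splitlines(keepends=True):
        m = HEADER.match(line)
        if m and "-" in m.group(2):
            new_name = m.group(2).replace("-", replacement)
            renamed[m.group(2)] = new_name
            line = m.group(1) + new_name + m.group(3) + line[m.end():]
        out.append(line)
    return "".join(out), renamed


if __name__ == "__main__":
    # Usage: python fix_snoop.py <snoop-output.txt> <fixed-output.txt>
    if len(sys.argv) == 3:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as src:
            fixed, renamed = fix_snoop_names(src.read())
        with open(sys.argv[2], "w", encoding="utf-8") as dst:
            dst.write(fixed)
    else:
        fixed, renamed = fix_snoop_names(SAMPLE)
        sys.stdout.write(fixed)
    for old, new in renamed.items():
        print(f"renamed {old} -> {new}", file=sys.stderr)
```

The returned mapping records which names were changed, so the substituted names seen in the analyzer can be traced back to the real zone names.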