ScreenOS Firewalls (NOT SRX)

How to open a file captured via snoop with Wireshark

‎06-06-2012 12:26 PM

Hello,

 

I recently captured traffic with snoop on an ns-5400 firewall with firmware version 6.3.0r11.0. Whenever I tried to open the file with Wireshark, it just came up with an error message "the file is damaged....". I even copied and pasted the output of "get db strea" into Notepad and saved it with an extension of .pcap. When I tried to open this .pcap file, there was still the same error message. Do you guys have any idea how I can open this snoop file using Wireshark or any network protocol analyzer?

 

Thanks,

 

2XCCIE (R&S|SP), CCNP, CCNA, 3XJNCIS,JNCIA-Junos, VCP-NV, 2XVCA
7 REPLIES

Re: How to open a file captured via snoop with Wireshark

‎06-06-2012 12:41 PM

Re: How to open a file captured via snoop with Wireshark

‎06-06-2012 01:01 PM

It looks like we have the same issue...please let me know if you get the solution.

 

Thanks,

 

2XCCIE (R&S|SP), CCNP, CCNA, 3XJNCIS,JNCIA-Junos, VCP-NV, 2XVCA

Re: How to open a file captured via snoop with Wireshark

‎06-06-2012 01:12 PM

A Wireshark dev just fixed the code in SVN.  I don't feel compelled to do a win32 compile, so now we wait until it's included in the next release.


Re: How to open a file captured via snoop with Wireshark

‎06-06-2012 01:27 PM

...but I have tried the older version of Wireshark and got the same error message.....

2XCCIE (R&S|SP), CCNP, CCNA, 3XJNCIS,JNCIA-Junos, VCP-NV, 2XVCA

Re: How to open a file captured via snoop with Wireshark

‎06-06-2012 09:14 PM
SVN revision indicates it was an issue with the dash in the zone name. You might be able to edit the dash in the snoop output to a valid character.

Re: How to open a file captured via snoop with Wireshark

‎06-08-2012 06:42 AM

Can you please explain what you mean by a valid character? With an example, if you can :)

 

Thanks,

 

2XCCIE (R&S|SP), CCNP, CCNA, 3XJNCIS,JNCIA-Junos, VCP-NV, 2XVCA

Re: How to open a file captured via snoop with Wireshark

‎06-09-2012 04:27 AM
Change every occurrence of v1-untrust to v1funtrust, for example. You would need to make this change for any zone with a dash in the name.
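
The edit described in the last reply, as an added example (not code from this thread or from Wireshark): a Python helper that replaces the dash only inside the zone names you list and leaves the rest of the snoop text alone. The sample lines are constructed and their layout is an assumption; `v1-trust` and the function name `dedash_zones` are illustrative.

```python
import re

# Constructed sample of saved snoop text; the line layout is an assumption.
SAMPLE = """\
12345.0: v1-untrust(i) len=60:0010dbff2050->0010dbff2060/0800
              10.0.0.1 -> 10.0.0.2/1
12345.1: v1-trust(o) len=60:0010dbff2060->0010dbff2050/0800
              10.0.0.2 -> 10.0.0.1/1
"""

# Characters that can be part of a name; used to match zone names as whole tokens.
NAME_CHARS = r"A-Za-z0-9_-"


def dedash_zones(snoop_text, zones, filler="f"):
    """Replace the dash in each listed zone name with `filler`.

    Returns (new_text, counts) where counts maps each dashed zone name
    to the number of occurrences rewritten. Dashes elsewhere in the text
    (for example the "->" between addresses) are not touched.
    """
    if not filler or "-" in filler:
        raise ValueError("filler must be non-empty and must not contain a dash")
    counts = {}
    # Longest names first, so a short name never rewrites part of a longer one.
    for zone in sorted(set(zones), key=len, reverse=True):
        if "-" not in zone:
            continue  # nothing to fix for this zone
        fixed = zone.replace("-", filler)
        # Match only when the name is not embedded in a longer name.
        pattern = re.compile(
            r"(?<![" + NAME_CHARS + r"])" + re.escape(zone) + r"(?![" + NAME_CHARS + r"])"
        )
        snoop_text, hits = pattern.subn(fixed, snoop_text)
        counts[zone] = hits
    return snoop_text, counts


if __name__ == "__main__":
    new_text, counts = dedash_zones(SAMPLE, ["v1-untrust", "v1-trust"])
    print(new_text)
    print(counts)
```

Zones that report a count of zero were listed but never appear in the capture, which is a quick check that the names were typed as they are written in the snoop output.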