How to take packet capture in SRX

I wasn’t planning to put my notes about packet capture here today, but I have got an issue with my ESX server file upload component. I kept receiving “I/O Error” during a file upload to the datastore directly or during big (e.g. 1-2 GB) OVA file deployments. I took several captures with no positive result in the end. I was thinking that it was a problem with the ESX server, but when I connected my vSphere client directly to the SRX box, I saw that neither the SRX nor the ESX server is the culprit. Some device in between my client and server is behaving abnormally, which I couldn’t figure out yet. I will keep troubleshooting :) Now I would like to put my notes here, so I can easily find them again, on how we can take a packet capture on a branch SRX device.

1) First, set the capture file name and the maximum capture size. (It is better to set it to 1500 so that no part of a packet is missed.)

[edit forwarding-options]
root@host# show
packet-capture {
    file filename tcp_disconnect_issue;
    maximum-capture-size 1500;
}

2) Apply the capture on the interface on which you would like to collect traffic, in both directions:

[edit interfaces fe-0/0/0 unit 0]
root@host# show
family inet {
    sampling {
        input;
        output;
    }
    address 192.168.200.1/24;
}

Once you commit, the capture files are written under the /var/tmp/ directory:

% ls -al /var/tmp/tcp_disconnect_issue.fe-0.0.0*
-rw-r----- 1 root wheel 216300 Oct 16 16:15 /var/tmp/tcp_disconnect_issue.fe-0.0.0
-rw-r--r-- 1 root wheel 364986 Oct 16 16:14 /var/tmp/tcp_disconnect_issue.fe-0.0.0.0.gz
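
To check whether the configured maximum-capture-size actually kept whole packets, the sketch below (an added example, not part of the original notes) walks a capture file and lists records whose captured length is shorter than the length on the wire. It assumes the file is in classic libpcap format; the function names and the two-packet sample are constructed for illustration.

```python
import struct

# Classic libpcap magic numbers mapped to the byte order of the file
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}


def truncation_report(data: bytes) -> dict:
    """Summarise a pcap file: snaplen, packet count, truncated records."""
    if len(data) < 24 or data[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic libpcap file")
    endian = PCAP_MAGICS[data[:4]]
    # Global header after the magic: version major/minor, thiszone,
    # sigfigs, snaplen, link type
    _, _, _, _, snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    offset, index, truncated, incomplete = 24, 0, [], False
    while offset < len(data):
        if offset + 16 > len(data):
            incomplete = True  # file ends in the middle of a record header
            break
        # Record header: ts_sec, ts_usec, captured length, wire length
        _, _, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[offset:offset + 16])
        if offset + 16 + incl_len > len(data):
            incomplete = True  # file ends in the middle of packet data
            break
        if incl_len < orig_len:
            truncated.append((index, incl_len, orig_len))
        offset += 16 + incl_len
        index += 1
    return {"snaplen": snaplen, "linktype": linktype, "packets": index,
            "truncated": truncated, "incomplete": incomplete}


def sample_capture() -> bytes:
    """Constructed sample: a 60-byte frame kept whole and a 1514-byte
    frame cut to 1500 bytes (payload bytes are zeros)."""
    out = b"\xd4\xc3\xb2\xa1" + struct.pack("<HHiIII", 2, 4, 0, 0, 1500, 1)
    for caplen, wirelen in ((60, 60), (1500, 1514)):
        out += struct.pack("<IIII", 0, 0, caplen, wirelen) + bytes(caplen)
    return out


if __name__ == "__main__":
    print(truncation_report(sample_capture()))
```

A file that is still being written can end mid-record; the report flags that as `incomplete` instead of failing.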

About: rtoodtoo

Worked for more than 10 years as a Network/Support Engineer and also interested in Python, Linux, Security and SD-WAN // JNCIE-SEC #223 / RHCE / PCNSE

