juniper 抓穿越流量

原文链接:https://kb.juniper.net/InfoCenter/index?page=content&id=KB11709&actp=METADATA

具体配置如下:

user@host# edit forwarding-options packet-capture

[edit forwarding-options packet-capture]

user@host# set file filename testpacketcapture

[edit forwarding-options packet-capture]

user@host# set maximum-capture-size 1500

[edit forwarding-options packet-capture]

user@host# show

file filename testpacketcapture;

maximum-capture-size 1500;

[edit forwarding-options packet-capture]

user@host#top

穿越流量定义

user@host# set firewall filter PCAP term 1 from source-address 10.209.144.32

user@host# set firewall filter PCAP term 1 from destination-address 10.204.115.166

user@host# set firewall filter PCAP term 1 then sample

user@host# set firewall filter PCAP term 1 then accept

user@host# set firewall filter PCAP term 2 from source-address 10.204.115.166

user@host# set firewall filter PCAP term 2 from destination-address 10.209.144.32

user@host# set firewall filter PCAP term 2 then sample

user@host# set firewall filter PCAP term 2 then accept

user@host# set firewall filter PCAP term allow-all-else then accept 

抓包接口定义

user@host# set interfaces ge-0/0/0 unit 0 family inet filter output PCAP

user@host# set interfaces ge-0/0/0 unit 0 family inet filter input PCAP

开始抓包

user@host# commit

抓包后文件提取

log保存在: 

user@host> file list /var/tmp | match 文件名