If you want to figure out what's happening with traffic on a Juniper Netscreen, there are three basic ways to do it. The least informative is to turn on the "log" option for a given rule. This provides a GUI way to look at packets that have matched the rule.
The most informative is "debug flow", from "debug flow basic" up to "debug flow all", which gives you all kinds of information about the decision-making process the Netscreen goes through as part of passing or dropping a packet: is it part of a flow, is it a new connection, how does it get routed, etc.
And in between, as a happy medium, is the snoop command. It gives you output similar to the basic output from the Solaris "snoop" command. Adjusting the "detail" level will let you change the length of the packet it examines.
Both debug flow and snoop let you filter what traffic is interesting by means of the "set ff" command, and both drop their output into the "dbuf" debug buffer.
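A typical "debug flow" session from the ScreenOS CLI, as an added example that is not part of the original post. It covers only the debug flow path, and the two IP addresses are constructed placeholders for the hosts you are troubleshooting.

```screenos
get ffilter
set ffilter src-ip 10.1.1.5 dst-ip 192.0.2.10
clear dbuf
debug flow basic
undebug all
get dbuf stream
unset ffilter
```

Generate the test traffic between "debug flow basic" and "undebug all". Setting the filter before enabling debug keeps the buffer limited to the flow of interest, and removing it afterwards keeps a stale filter from hiding traffic in the next session.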
About Me
- regis
- Regis has worked as a network engineer since 1994 for small companies and for large companies.