SRX

Expand all | Collapse all

SRX Session Analyzer based on Perl

Jump to Best Answer

Elevate11-17-2010 00:28Best Answer

Elevate03-25-2016 04:29

  • 1.  SRX Session Analyzer based on Perl

    Posted 11-16-2010 21:12

    The following perl code is free to modify and use to analyze SRX session dump, which can be collected by "show security flow session". It works on Windows and Linux.

     

     

    How to use it?

    Download the attached file ('jsa.txt"), and rename it as "jsa.pl", then run it on Windows or Linux. I have tested it for 112M bytes of session dump, and it works well.

     

    For example,

     

    c:\> jsa.pl


    *** Tom's SRX Session Dump Analyzer 0.3 ***

    Enter the file name of session dump: session.txt
    How many Top Talkers do you want to see (e.g., type 10)? 10

    Nov 17 13:36:31  Extract the Session ID and Session wing0 for each session
    Nov 17 13:36:35  ...Done
    Nov 17 13:36:35  Extract src-ip, src-port, dst-ip, dst-port, policy name, incoming interface and timeout
    Nov 17 13:36:38  ...Done
    Nov 17 13:36:38  Create hash tables and sort these
    Nov 17 13:36:40  ...Done
    Nov 17 13:36:40  Sort Top 10 Talkers
    Nov 17 13:36:41  ...Done


    Check out "Top10-Talkers.log" file ...

     

     

    Contents of "Top10-Talkers.log" file

    --------------------------------------------------------------------------------
    Top 10 src-ip, src-port, dst-ip, dst-port and protocol
    --------------------------------------------------------------------------------
    192.168.1.33/55490 --> 10.10.219.16/20000 tcp  1
    192.168.2.45/39963 --> 10.10.219.16/10000 tcp  1
    10.10.10.187/34309 --> 10.10.229.17/9093 tcp  1
    192.168.1.33/52626 --> 10.10.115.19/50000 tcp  1
    10.10.10.12/27545 --> 10.10.229.20/9093 tcp  1
    192.168.3.102/41217 --> 10.10.229.16/8098 tcp  1
    192.168.4.25/48879 --> 10.10.115.220/50000 tcp  1
    192.168.5.132/56143 --> 10.10.216.16/9001 tcp  1
    10.10.40.234/61513 --> 10.10.229.16/9093 tcp  1
    10.10.41.113/54678 --> 10.10.111.160/80 tcp  1


    -----------------------------------
    Top 10 src-ip
    -----------------------------------
    10.10.229.164  6967
    10.10.229.16  2800
    10.10.110.134  2745
    10.10.230.61  2585
    192.168.1.33  2546
    10.10.230.22  2542
    10.10.230.60  2486
    10.10.230.24  2473
    10.10.230.32  2441
    10.10.231.23  2434


    -----------------------------------
    Top 10 dst-ip
    -----------------------------------
    10.10.229.16  13414
    10.10.11.16  9482
    10.10.216.16  7369
    10.20.229.27  5567
    10.20.229.24  3822
    10.10.115.16  3541
    10.10.219.16  3219
    10.21.98.97  2514
    10.21.198.200  2471
    10.22.27.100  2380


    -----------------------------------
    Top 10 src-port
    -----------------------------------
    9093  415
    8083  301
    32769  146
    32771  105
    32770  101
    32773  89
    32772  65
    8082  64
    32775  63
    32779  53


    -----------------------------------
    Top 10 dst-port
    -----------------------------------
    80  27057
    9093  14747
    9001  7374
    25  6266
    20000  4183
    8082  3707
    110  3459
    50000  3452
    13000  2514
    9090  2179


    -----------------------------------
    Top 10 protocol
    -----------------------------------
    tcp  92963
    ipv6  8
    udp  3


    -----------------------------------
    Top 10 Policy name
    -----------------------------------
    2  52230
    55  13257
    1494  7369
    6075  5548
    6063  1433
    1562  1346
    67  1267
    6035  1171
    6181  1039
    578  955


    -----------------------------------
    Top 10 Incoming interface
    -----------------------------------
    reth1.0  52250
    reth0.0  40724


    -----------------------------------
    Top 10 Session Timout
    -----------------------------------
    9752  86
    9832  76
    9934  76
    9798  75
    9734  75
    9702  74
    9662  74
    9634  74
    9636  72
    9668  72

     



  • 2.  RE: SRX Session Analyzer based on Perl
    Best Answer

    Posted 11-17-2010 00:28

    Thats a great tool and will surely be helpful!



  • 3.  RE: SRX Session Analyzer based on Perl

    Posted 06-29-2011 11:22

    I am interested in this software, but I can not find where to download it, please your help with this info, my email monicar@juniper.net

     

    Regards,






  • 4.  RE: SRX Session Analyzer based on Perl

    Posted 04-02-2019 11:11

    Can you please also send me your session analyzer tool.

     

    Thank you very much!

    gcmeads@yahoo.com



  • 5.  RE: SRX Session Analyzer based on Perl

    Posted 10-19-2011 01:56

    Hello KIM

     

    Would you like to send to me jsa.txt (or jsa.pl) ?

    my email address is jaeok97@nate.com .

    Regards,



  • 6.  RE: SRX Session Analyzer based on Perl

    Posted 10-27-2011 03:40

    Can you please also send me your session analyzer tool?

     

    Thank you very much!

    Patrick



  • 7.  RE: SRX Session Analyzer based on Perl

    Posted 11-08-2011 23:05

    Could you please send me an copy one..Thanks.

    acorila@hotmail.com



  • 8.  RE: SRX Session Analyzer based on Perl

    Posted 11-17-2011 12:43

    Nice tool.

     

    Can you send me the mac osx version

     

    pavasa050177@hotmail.com

     

    Thanks



  • 9.  RE: SRX Session Analyzer based on Perl

    Posted 12-04-2011 07:11

    Can you send me above tool file?

    my email address is lovensk0@gmail.com

     



  • 10.  RE: SRX Session Analyzer based on Perl

    Posted 12-05-2011 04:54

    Hi,

     

    It seems interesting. Would you plaese send the coding or sofware to me at email id:   vpnsupport@ith.co.in.

     

    One thing to ask will it tell which ip or traffic is consuming what much bandwidth ?

     

    Thanks



  • 11.  RE: SRX Session Analyzer based on Perl

    Posted 12-06-2011 00:38

    Hi,

    Can you please send me this tool on ricky.nahar@gmail.com.

     

    Thanks in advance.

    Chandradip



  • 12.  RE: SRX Session Analyzer based on Perl

    Posted 01-08-2012 20:26

    Please send me this tool, my E-mail: phihaitran@yahoo.com

     

    Thanks a lot



  • 13.  RE: SRX Session Analyzer based on Perl

    Posted 01-17-2012 10:31

    Can I get a copy of your perl script?  It looks like just what I need to help troubleshoot some issue we're experiencing!

     

    e-mail: truth14@gmail.com

     



  • 14.  RE: SRX Session Analyzer based on Perl

    Posted 02-09-2012 05:19

    Also looking to get a copy of the code if possible?

     

    Please send to remington.loose@synchronoss.com.

     

    Thanks!



  • 15.  RE: SRX Session Analyzer based on Perl

    Posted 02-20-2012 05:51

    BugHunter,

     

    Would you be so kind to send the software to me?

    kristof.vandenborn@belgacom.be

     

    Thanks,

     

    Kristof



  • 16.  RE: SRX Session Analyzer based on Perl

    Posted 03-08-2012 19:28

    I'm interested in this tool as well. Can you send it to amanda@boomhq.com please? Thanks



  • 17.  RE: SRX Session Analyzer based on Perl

    Posted 04-23-2012 04:44

    Please, sende this scrpit , it must be very usefeu!! Sure!!

     

    Thank you!!



  • 18.  RE: SRX Session Analyzer based on Perl

    Posted 04-23-2012 04:45

    Please, send me this scrpit , it must be very usefull!! Sure!!

     

    My e-mail is licencias@mss.scc.com

     

    Thank you!!



  • 19.  RE: SRX Session Analyzer based on Perl

    Posted 08-07-2012 12:57

    Can some one please send this script to r.vinayaka@gmail.com

     



  • 20.  RE: SRX Session Analyzer based on Perl

    Posted 08-07-2012 20:19

    Hi, can you send me the tool? My email address is ben_che@msn.com.

    Thanks!



  • 21.  RE: SRX Session Analyzer based on Perl

    Posted 08-07-2012 20:57

    Hello, where is the attachment, can you send it to me? Thank you. My mail is zouj@gacfiatauto.com



  • 22.  RE: SRX Session Analyzer based on Perl

    Posted 08-07-2012 21:11

    Hi,


    great tool!
    Can you please send me this tool to -  billwong@sunnyvision.com

     

    Thanks in advance.

     



  • 23.  RE: SRX Session Analyzer based on Perl

    Posted 08-16-2012 07:33

    Could you send me a copy of the perl script?  powelljustin@gmail.com



  • 24.  RE: SRX Session Analyzer based on Perl

    Posted 08-17-2012 07:11

    Hello,

     

    Could you also send me a copy of the perl script?  ludo.info@laposte.net

     

    Regards,



  • 25.  RE: SRX Session Analyzer based on Perl

    Posted 08-23-2012 06:35
    HI can anybody send me this tool also. onedread@gmail.com would be very nice from you guys. regards onedread


  • 26.  RE: SRX Session Analyzer based on Perl

    Posted 08-31-2012 09:17

    Can you send me a copy of your srx-session-analyzer to r.zimmermann@siegnetz.de?



  • 27.  RE: SRX Session Analyzer based on Perl

    Posted 10-26-2012 06:08

    Could you send me a copy as well? wouter@spierenburg.net  Thanks!



  • 28.  RE: SRX Session Analyzer based on Perl

    Posted 01-23-2013 01:54

    Hello!

    Can you send me a copy to junipe@ukr.net

    Thanks

     

    Regards,



  • 29.  RE: SRX Session Analyzer based on Perl

    Posted 01-24-2013 14:52

    Can you please send to me as well...

     

    berky2755 (at) gmail (dot) com

     

    thanks.



  • 30.  RE: SRX Session Analyzer based on Perl

    Posted 02-25-2013 07:46

    I can not find where to download it,

     

    my email  pcbean@gmail.com

     

    Regards,



  • 31.  RE: SRX Session Analyzer based on Perl

    Posted 08-06-2013 10:25

    Hello Tim,

     

    Can you send me session analyzer too?

    For Mac

    email: fghashehbaba@apple.com

     

     



  • 32.  RE: SRX Session Analyzer based on Perl

    Posted 08-08-2013 05:51

    Hi Tim,

     

    good work !

     

    Please send me a copy to fbouzemarene@gmail.com

     

    Many thanks



  • 33.  RE: SRX Session Analyzer based on Perl

    Posted 04-14-2014 03:54

    Hi Tom

     

    Please can you send a copy to juniper@net2connect.co.uk

     

    Thanks

     

    David



  • 34.  RE: SRX Session Analyzer based on Perl

    Posted 04-21-2014 08:00

    Hi Tom.

    Can you send me the script, please?.

    My email is mperezbenavides@adexus.cl

     

    Best regards



  • 35.  RE: SRX Session Analyzer based on Perl

    Posted 04-22-2014 16:51
    Has anyone actually received the script?


  • 36.  RE: SRX Session Analyzer based on Perl

    Posted 04-25-2014 12:53

    Hi Tom

    Can you send me a copy of the script at johnwestpark@gmail.com

     

    Thanks

    John



  • 37.  RE: SRX Session Analyzer based on Perl

    Posted 05-19-2014 14:28

    Hello, where is the attachment, can you send it to me? Thank you. My mail is hflores@convexus.com.pe

    Try your best!


  • 38.  RE: SRX Session Analyzer based on Perl

    Posted 04-28-2015 12:19

    Hi,


    great tool!
    Can you please send me this tool to -  rpantigoso@trendcorp.com.pe

     

    Thanks in advance.

     

    Ronald Pantigoso Carbajal



  • 39.  RE: SRX Session Analyzer based on Perl

    Posted 06-11-2015 06:17

    Is this not clear cut proof that the SRX Firewall is a crap firewall

     

    All these people pleading for a home made .exe that will tell them the top talkers on their firewall !

     

    Sure even basic firewalls do that out of the box !!



  • 40.  RE: SRX Session Analyzer based on Perl

    Posted 03-28-2016 17:23

    Did you ever get the script sent to you? If so, can you share it?



  • 41.  RE: SRX Session Analyzer based on Perl

    Posted 07-01-2016 11:16

    If possible, please can you share this script to andrelomonaco@gmail.com

    Thank in Advanced

    My Best Regards



  • 42.  RE: SRX Session Analyzer based on Perl

    Posted 10-20-2015 05:26

    Can you please send me this tool to my email id : wasim.nw@gmail.com



  • 43.  RE: SRX Session Analyzer based on Perl

    Posted 03-25-2016 04:29

    Where is the PERL script please?

     



  • 44.  RE: SRX Session Analyzer based on Perl

    Posted 08-22-2016 09:18

    Can you please email me the script at pparikh@juniper.net?


    @BugHunter wrote:

    The following perl code is free to modify and use to analyze SRX session dump, which can be collected by "show security flow session". It works on Windows and Linux.

     

     

    How to use it?

    Download the attached file ('jsa.txt"), and rename it as "jsa.pl", then run it on Windows or Linux. I have tested it for 112M bytes of session dump, and it works well.

     

    For example,

     

    c:\> jsa.pl


    *** Tom's SRX Session Dump Analyzer 0.3 ***

    Enter the file name of session dump: session.txt
    How many Top Talkers do you want to see (e.g., type 10)? 10

    Nov 17 13:36:31  Extract the Session ID and Session wing0 for each session
    Nov 17 13:36:35  ...Done
    Nov 17 13:36:35  Extract src-ip, src-port, dst-ip, dst-port, policy name, incoming interface and timeout
    Nov 17 13:36:38  ...Done
    Nov 17 13:36:38  Create hash tables and sort these
    Nov 17 13:36:40  ...Done
    Nov 17 13:36:40  Sort Top 10 Talkers
    Nov 17 13:36:41  ...Done


    Check out "Top10-Talkers.log" file ...

     

     

    Contents of "Top10-Talkers.log" file

    --------------------------------------------------------------------------------
    Top 10 src-ip, src-port, dst-ip, dst-port and protocol
    --------------------------------------------------------------------------------
    192.168.1.33/55490 --> 10.10.219.16/20000 tcp  1
    192.168.2.45/39963 --> 10.10.219.16/10000 tcp  1
    10.10.10.187/34309 --> 10.10.229.17/9093 tcp  1
    192.168.1.33/52626 --> 10.10.115.19/50000 tcp  1
    10.10.10.12/27545 --> 10.10.229.20/9093 tcp  1
    192.168.3.102/41217 --> 10.10.229.16/8098 tcp  1
    192.168.4.25/48879 --> 10.10.115.220/50000 tcp  1
    192.168.5.132/56143 --> 10.10.216.16/9001 tcp  1
    10.10.40.234/61513 --> 10.10.229.16/9093 tcp  1
    10.10.41.113/54678 --> 10.10.111.160/80 tcp  1


    -----------------------------------
    Top 10 src-ip
    -----------------------------------
    10.10.229.164  6967
    10.10.229.16  2800
    10.10.110.134  2745
    10.10.230.61  2585
    192.168.1.33  2546
    10.10.230.22  2542
    10.10.230.60  2486
    10.10.230.24  2473
    10.10.230.32  2441
    10.10.231.23  2434


    -----------------------------------
    Top 10 dst-ip
    -----------------------------------
    10.10.229.16  13414
    10.10.11.16  9482
    10.10.216.16  7369
    10.20.229.27  5567
    10.20.229.24  3822
    10.10.115.16  3541
    10.10.219.16  3219
    10.21.98.97  2514
    10.21.198.200  2471
    10.22.27.100  2380


    -----------------------------------
    Top 10 src-port
    -----------------------------------
    9093  415
    8083  301
    32769  146
    32771  105
    32770  101
    32773  89
    32772  65
    8082  64
    32775  63
    32779  53


    -----------------------------------
    Top 10 dst-port
    -----------------------------------
    80  27057
    9093  14747
    9001  7374
    25  6266
    20000  4183
    8082  3707
    110  3459
    50000  3452
    13000  2514
    9090  2179


    -----------------------------------
    Top 10 protocol
    -----------------------------------
    tcp  92963
    ipv6  8
    udp  3


    -----------------------------------
    Top 10 Policy name
    -----------------------------------
    2  52230
    55  13257
    1494  7369
    6075  5548
    6063  1433
    1562  1346
    67  1267
    6035  1171
    6181  1039
    578  955


    -----------------------------------
    Top 10 Incoming interface
    -----------------------------------
    reth1.0  52250
    reth0.0  40724


    -----------------------------------
    Top 10 Session Timout
    -----------------------------------
    9752  86
    9832  76
    9934  76
    9798  75
    9734  75
    9702  74
    9662  74
    9634  74
    9636  72
    9668  72

     


     



  • 45.  RE: SRX Session Analyzer based on Perl

    Posted 01-23-2017 13:51

    Can someone please send me the script to parse these session flow logs?  Or has it been posted somewhere?

     

    alexanderfoxnyc@outlook.com

     

    Thanks



  • 46.  RE: SRX Session Analyzer based on Perl

    Posted 09-26-2017 14:27

    How do I find this script? Thank you.