SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  datapath-debug capture

    Posted 05-17-2010 02:57

    Does anyone know of any tools we can use for analyzing packet capture information from datapath-debugging on the high-end SRXs?  The format as displayed on the CLI does not appear to be supported by Wireshark.  The first two lines look to be internal headers used within the SRX.


    root@srx01> show security datapath-debug capture
    Packet 1, len 100: (C1/F1/P1/SEQ:5023:np-ingress)
    b0 00 00 6a 01 18 05 1d 9b e4 00 06 01 00 19 0a
    46 59 08 00 ff 01 13 9f 45 00 00 00 00 00 00 00
    00 18 74 14 b0 80 00 23 04 18 11 40 81 00 01 e5
    08 00 45 00 00 52 6f 96 40 00 3a 06 b9 1b ac 10
    a1 34 ac 12 1e 9d d0 fd 44 c0 61 1d a2 28 56 6d
    73 bb 50 18 80 00 e0 a9 00 00 00 00


    #datapath.debug
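An added example, not part of the original posts and not Juniper code: a Python sketch that parses the CLI dump quoted above, strips the leading internal header, and wraps the remaining Ethernet frame in a classic pcap record that Wireshark can open. The 32-byte header length is an assumption taken from the poster's "first two lines" observation and this one sample, and the function names are hypothetical.

```python
import re
import struct

# Assumption: the internal SRX header is the first two 16-byte rows of the dump.
INTERNAL_HDR_LEN = 32

# Sample input: the CLI output quoted in the first post.
SAMPLE = """\
Packet 1, len 100: (C1/F1/P1/SEQ:5023:np-ingress)
b0 00 00 6a 01 18 05 1d 9b e4 00 06 01 00 19 0a
46 59 08 00 ff 01 13 9f 45 00 00 00 00 00 00 00
00 18 74 14 b0 80 00 23 04 18 11 40 81 00 01 e5
08 00 45 00 00 52 6f 96 40 00 3a 06 b9 1b ac 10
a1 34 ac 12 1e 9d d0 fd 44 c0 61 1d a2 28 56 6d
73 bb 50 18 80 00 e0 a9 00 00 00 00
"""

PACKET_RE = re.compile(r"Packet (\d+), len (\d+): \((.*)\)")
HEX_ROW_RE = re.compile(r"(?:[0-9a-fA-F]{2} ?)+")

def parse_capture(text):
    """Return [(packet_no, tag, raw_bytes)] from the CLI hex dump."""
    packets = []
    for line in map(str.strip, text.splitlines()):
        m = PACKET_RE.fullmatch(line)
        if m:
            packets.append([int(m.group(1)), m.group(3), b""])
        elif packets and HEX_ROW_RE.fullmatch(line):
            packets[-1][2] += bytes.fromhex(line)
    return [tuple(p) for p in packets]

def ethernet_frame(raw, skip=INTERNAL_HDR_LEN):
    """Drop the internal header; return the frame only if it parses as IPv4."""
    frame = raw[skip:]
    if len(frame) < 19:
        return None
    (etype,) = struct.unpack_from("!H", frame, 12)
    l3 = 14
    if etype == 0x8100:  # 802.1Q tag: real EtherType is 4 bytes further on
        (etype,) = struct.unpack_from("!H", frame, 16)
        l3 = 18
    return frame if etype == 0x0800 and frame[l3] >> 4 == 4 else None

def to_pcap(frames):
    """Classic pcap: 24-byte global header (linktype 1 = Ethernet) + records."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:  # the dump carries no timestamps, so they are written as 0
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

Writing `to_pcap(...)` to a file in binary mode gives a capture Wireshark can read; the sanity check in `ethernet_frame` returns `None` when the assumed offset does not land on an IPv4 frame, so a wrong header length is caught rather than silently producing garbage.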


  • 2.  RE: datapath-debug capture

    Posted 05-20-2010 07:05

    FWIW, the data behind the output of the 'show security datapath-debug capture' as specified in the configuration (security -> datapath-debug -> capture-file) is of some format I cannot recognize.  ASCII representation is garbled and Wireshark does not recognize it.


    Anyone care to comment or better yet, shed light on?




  • 3.  RE: datapath-debug capture

    Posted 07-13-2011 19:33

    I meet the same issue and am eager to know.



  • 4.  RE: datapath-debug capture
    Best Answer

    Posted 10-17-2011 03:04

    e2einfo.

    It's converting the file that you have to Wireshark form.

    Look here:

    http://kb.juniper.net/InfoCenter/index?page=content&id=KB21563&cat=JUNOS&actp=LIST&smlogin=true



  • 5.  RE: datapath-debug capture

    Posted 10-17-2011 07:17

    Very cool.  I'll have to try it out.  You don't happen to know from what release onward this applies?



  • 6.  RE: datapath-debug capture

    Posted 10-17-2011 08:51

    I've played with this a little on a 5800 running 10.4 but have never really gotten a useful PCAP from it - readable after conversion, yes, but not actually holding the data I had set it to filter for. The deeper debug log output though can be quite useful.

    Anyone out there gotten the packet-capture to work 100%?



  • 7.  RE: datapath-debug capture

    Posted 12-09-2012 16:21

    This feature is useless. It doesn't work; even using a binary transfer, the file is too large for Wireshark.

    Rubbish, come on Juniper



  • 8.  RE: datapath-debug capture

    Posted 04-12-2013 16:56

    Just an added thought for those who may be searching for solutions to this topic: you could use tcpdump to analyse this data. I am of the opinion that it would be a better utility to use since it is a Unix utility and this is a Unix/Linux box. In fact, maybe you could log in to the shell as root and view the file from the Unix shell using tcpdump -F so you can specify an input file. Just a thought.