Enter the following in configuration mode (at the root level, not under an LSYS):
set security datapath-debug capture-file my-pcap
set security datapath-debug capture-file format pcap
set security datapath-debug capture-file size 1m
set security datapath-debug capture-file files 5
// If maximum-capture-size is not configured, Wireshark shows "Packet size limited during capture"
set security datapath-debug maximum-capture-size 1500
set security datapath-debug action-profile my-capture event np-egress packet-dump
set security datapath-debug action-profile my-capture event np-ingress packet-dump
set security datapath-debug packet-filter pcap-filter01 action-profile my-capture
set security datapath-debug packet-filter pcap-filter01 source-prefix 10.10.10.1/32
set security datapath-debug packet-filter pcap-filter01 destination-prefix 20.20.20.2/32
set security datapath-debug packet-filter pcap-filter02 action-profile my-capture
set security datapath-debug packet-filter pcap-filter02 source-prefix 20.20.20.2/32
set security datapath-debug packet-filter pcap-filter02 destination-prefix 10.10.10.1/32
// <commit changes>, then start and stop the capture from operational mode:
request security datapath-debug capture start
request security datapath-debug capture stop
The file my-pcap is created in the /var/log directory. To convert it into a Wireshark-readable format, use the following commands:
user@host> start shell
root@% cd /var/log
root@% e2einfo -Ccapture -Snormalize -I my-pcap -F my-pcap.pcap
successfully convert 124 packets
Copy the file from /var/log to the laptop for analysis.
Roll back any changes.
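A check worth running on the laptop before opening the file, as an added example that is not part of the original note: the Python below reads a classic libpcap file and counts records whose captured length is shorter than the on-wire length, which is what Wireshark reports as "Packet size limited during capture". It assumes the converted my-pcap.pcap is in classic pcap format; pcap_summary, build_sample and the script name check_pcap.py are names made up for this example.

```python
import struct
import sys

# Magic as read little-endian -> (struct byte order, timestamp resolution)
MAGICS = {0xA1B2C3D4: ("<", "us"), 0xD4C3B2A1: (">", "us"),
          0xA1B23C4D: ("<", "ns"), 0x4D3CB2A1: (">", "ns")}

def pcap_summary(data):
    """Count records and snaplen-truncated records in a classic pcap file."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic not in MAGICS:
        raise ValueError("not a classic pcap file (magic 0x%08x)" % magic)
    order, resolution = MAGICS[magic]
    # version major/minor, thiszone, sigfigs, snaplen, link type
    _, _, _, _, snaplen, linktype = struct.unpack(order + "HHiIII", data[4:24])
    packets = truncated = 0
    off = 24
    while off + 16 <= len(data):
        # ts_sec, ts_frac, captured length, original on-wire length
        _, _, incl_len, orig_len = struct.unpack(order + "IIII", data[off:off + 16])
        if off + 16 + incl_len > len(data):
            break  # last record is cut off, e.g. an incomplete copy
        off += 16 + incl_len
        packets += 1
        if incl_len < orig_len:
            truncated += 1  # Wireshark: "Packet size limited during capture"
    return {"packets": packets, "truncated": truncated, "snaplen": snaplen,
            "linktype": linktype, "resolution": resolution,
            "leftover_bytes": len(data) - off}

def build_sample(snaplen=96):
    """Constructed sample (not a real capture): one full and one cut record."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    out += struct.pack("<IIII", 1, 0, 60, 60) + bytes(60)
    out += struct.pack("<IIII", 2, 0, snaplen, 1500) + bytes(snaplen)
    return out

if __name__ == "__main__":
    # Usage: python3 check_pcap.py my-pcap.pcap  (no argument: use the sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            raw = fh.read()
    else:
        raw = build_sample()
    print(pcap_summary(raw))
```

A non-zero truncated count means the capture size was too small for some packets, and a non-zero leftover_bytes means the file copy or conversion ended mid-record.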
Another way is to enable traffic capture on the interface and display the results in real time:
monitor traffic interface...
A third option is to enable the capture on the interface with a firewall filter. This saves the results to a file that can be viewed in Wireshark:
set logical-systems LSYS interfaces reth1 unit 100 family inet filter input capture
set logical-systems LSYS interfaces reth1 unit 100 family inet filter output capture
set logical-systems LSYS firewall filter capture term 1 from protocol gre
set logical-systems LSYS firewall filter capture term 1 then count GRE-OUT
set logical-systems LSYS firewall filter capture term 1 then sample
set logical-systems LSYS firewall filter capture term 1 then accept
set logical-systems LSYS firewall filter capture term else then accept
set forwarding-options packet-capture file filename gre-capture
set forwarding-options packet-capture maximum-capture-size 1500
file list /var/tmp
// look for output similar to this:
// gre-capture.reth1.100
// gre-capture.xe-0/0/1
// gre-capture.xe-0/0/2
// roll back to stop the capture