Which configuration would you use to enable this capture?

HostA (1.1.1.1) is sending TCP traffic to HostB (2.2.2.2). You need to capture the TCP packets
locally on the SRX240. Which configuration would you use to enable this capture?

A.
[edit security flow]
user@srx# show
traceoptions {
    file dump;
    flag basic-datapath;
}

B.
[edit security]
user@srx# show
application-tracking {
    enable;
}
flow {
    traceoptions {
        file dump;
        flag basic-datapath;
    }
}

C.
[edit firewall filter capture term one]
user@srx# show
from {
    source-address {
        1.1.1.1;
    }
    destination-address {
        2.2.2.2;
    }
    protocol tcp;
}
then {
    port-mirror;
    accept;
}

D.
[edit firewall filter capture term one]
user@srx# show
from {
    source-address {
        1.1.1.1;
    }
    destination-address {
        2.2.2.2;
    }
    protocol tcp;
}
then {
    sample;
    accept;
}

Explanation:

Reference: http://khurramkhalid.wordpress.com/2012/05/22/packet-capture-on-srx-devices/



EMS

On SRX the traffic capture is done with edit security debug or edit security flow traceoptions, but firewall filter??? Any comments?