Example: Configuring Packet Capture for Datapath Debugging

This example shows how to configure packet capture to monitor traffic that passes through the device. Packet capture then dumps the packets into a PCAP-format file that can later be examined with the tcpdump utility.

Requirements

Before you begin, see Debugging the Data Path (CLI Procedure).

Overview

A filter is defined to filter traffic; then an action profile is applied to the filtered traffic. The action profile specifies a variety of actions on the processing unit. One of the supported actions is packet dump, which sends the packet to the Routing Engine and stores it in proprietary form to be read using the show security datapath-debug capture command.

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

    set security datapath-debug capture-file my-capture
    set security datapath-debug capture-file format pcap
    set security datapath-debug capture-file size 1m
    set security datapath-debug capture-file files 5
    set security datapath-debug maximum-capture-size 400
    set security datapath-debug action-profile do-capture event np-ingress packet-dump
    set security datapath-debug packet-filter my-filter action-profile do-capture
    set security datapath-debug packet-filter my-filter source-prefix 1.2.3.4/32

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode.

To configure packet capture:

  1. Edit the security datapath-debug option for the multiple processing units along the packet-processing path:
    [edit]
    user@host# edit security datapath-debug
  2. Enable the capture file, the file format, the file size, and the number of files. The size value limits the size of the capture file. After the size limit is reached, if a files number is specified, the capture file is rotated to filename x, where x is auto-incremented until it reaches the specified index and then returns to zero. If no files index is specified, packets are discarded after the size limit is reached. The default size is 512 kilobytes.
    [edit security datapath-debug]
    user@host# set capture-file my-capture format pcap size 1m files 5
    [edit security datapath-debug]
    user@host# set maximum-capture-size 400
  3. Enable action profile and set the event. Set the action profile as do-capture and the event type as np-ingress:
    [edit security datapath-debug]
    user@host# edit action-profile do-capture
    [edit security datapath-debug action-profile do-capture]
    user@host# edit event np-ingress
  4. Enable packet dump for the action profile:
    [edit security datapath-debug action-profile do-capture event np-ingress]
    user@host# set packet-dump
  5. Enable the packet filter, action, and filter options. The packet filter is set to my-filter, the action profile is set to do-capture, and the filter option is set to source-prefix 1.2.3.4/32.
    [edit security datapath-debug]
    user@host# set packet-filter my-filter action-profile do-capture
    [edit security datapath-debug]
    user@host# set packet-filter my-filter source-prefix 1.2.3.4/32

Results

From configuration mode, confirm your configuration by entering the show security datapath-debug command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it. The following is output from the show security datapath-debug command:

    security {
        datapath-debug {
            capture-file {
                my-capture format pcap size 1m files 5;
            }
            maximum-capture-size 100;
            action-profile do-capture {
                event np-ingress {
                    packet-dump
                }
            }
            packet-filter my-filter {
                source-prefix 1.2.3.4/32
                action-profile do-capture
            }
        }
    }

If you are done configuring the device, enter commit from configuration mode.

Verification

Confirm that the configuration is working properly.

Verifying Packet Capture

Purpose

Verify if the packet capture is working.

Action

From operational mode, enter the request security datapath-debug capture start command to start packet capture and enter the request security datapath-debug capture stop command to stop packet capture.

To view the results, from CLI operational mode, access the local UNIX shell and navigate to the directory /var/log/my-capture. The result can be read by using the tcpdump utility.
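
As an added example (not part of the original page), the Python below checks a capture offline: it parses a classic PCAP byte string and reports packets whose source address falls outside the my-filter prefix or whose captured length exceeds maximum-capture-size. It assumes Ethernet framing and that maximum-capture-size bounds the per-packet captured length; check_capture and build_sample are hypothetical names, and the sample capture is constructed.

```python
import ipaddress
import struct

FILTER_PREFIX = ipaddress.ip_network("1.2.3.4/32")  # source-prefix of my-filter
MAX_CAPTURE_SIZE = 400  # maximum-capture-size; assumed to bound per-packet captured bytes

def check_capture(data, prefix=FILTER_PREFIX, max_len=MAX_CAPTURE_SIZE):
    """Return a list of (packet_index, problem) for a classic pcap byte string."""
    magic = data[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype != 1:  # assumption: Ethernet (DLT_EN10MB) framing
        raise ValueError("unsupported link type %d" % linktype)
    problems, offset, index = [], 24, 0
    while offset + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", data[offset:offset + 16])
        frame = data[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < incl_len:
            problems.append((index, "truncated record"))
            break
        if incl_len > max_len:
            problems.append((index, "captured %d bytes, above limit" % incl_len))
        # Ethernet header is 14 bytes; EtherType 0x0800 is IPv4; source IP at IPv4 offset 12.
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            src = ipaddress.ip_address(frame[26:30])
            if src not in prefix:
                problems.append((index, "source %s outside %s" % (src, prefix)))
        else:
            problems.append((index, "not IPv4 over Ethernet"))
        index += 1
    return problems

def build_sample(sources):
    """Constructed sample capture: one minimal Ethernet/IPv4 frame per source address."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, src in enumerate(sources):
        ip = bytes([0x45, 0, 0, 20, 0, 0, 0, 0, 64, 6, 0, 0]) + ipaddress.ip_address(src).packed + bytes([10, 0, 0, 1])
        frame = b"\x00" * 12 + b"\x08\x00" + ip
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    print(check_capture(build_sample(["1.2.3.4", "5.6.7.8"])))
```

An empty result means every packet in the file matched the intended filter scope; any entry points at a packet that should not have been captured under this configuration.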

Verifying data path debugging capture

Purpose

Verify the details of the data path debugging capture file.

Action

From operational mode, enter the show security datapath-debug capture command.

user@host> show security datapath-debug capture

Verifying data path debugging counter

Purpose

Verify the details of the data path debugging counter.

Action

From operational mode, enter the show security datapath-debug counter command.

Published: 2015-02-25