About the Data Plane Packet Capture Page

You are here: Device Administration > Tools > Data Plane Packet Capture.

Note:

This menu is supported for only SRX4600 devices and SRX5000 line of devices.

Starting in Junos OS 23.1R1 Release, you can quickly capture and analyze router data plane traffic on a device.

The packet capture diagnostic tool allows inspection of data plane traffic. The summary of each decoded packet is displayed as it is captured. Captured packets are written to a PCAP file which can be downloaded.

Capture the packet information from the operational mode without committing the configurations and with a minimal impact to the production system. You can define the packet filter to trace the traffic type based on your requirement.

To capture the data plane packet details:

1. Complete the configuration according to the guidelines provided in Table 1.

   Note:

   To capture the packet information, you must provide at least one filter option from either Basic Filter or Source & Destination Filter.

2. Click Start Packet Capture.

   The packet capturing starts, and the Data Plane Packet Capture page becomes read-only. You can navigate to other pages while the packet capture process is in progress.

3. Click Stop Packet Capture.

   The packet capturing stops and the PCAP file is automatically downloaded to your system from the /var/log/ folder. To view the packet capture file in the J-Web UI, navgate to Device Administration > Operations > Files and then click Log files.

   Note:

   • You can only request one packet capture at a time, and you must stop each request before starting another.

   • When a count limit is reached, the capture stops. Click Stop Packet Capture to download the PCAP file.

Table 1: Fields on the Data Plane Packet Capture Page

Field	Description
Basic Filter
Protocol	Select a protocol from the list to associate with the packet capture filter. You can search for a protocol name or a protocol number in the list. Range: 0 (HOPOPT) through 255 (Reserved).
Multitenancy type	Select one of the multitenancy type to filter the interface: Default, Tenant, or Logical System.
Logical interface	Select a logical interface from the list for the selected root logical system.
Tenant	Select a tenant name from the list.
Tenant logical interface	Select a logical interface from the list for the selected tenant.
Logical system	Select a logical system name from the list.
Logical system interface	Select a logical interface from the list for the selected logical system.
Source & Destination Filter
Bidirectional	With this option enabled by default, J-Web collects bidirectional information such as traffic from source port to destination port and vice-versa. Note: To capture the packet information, you must provide at least one filter option from Source & Destination Filter.
Source port	Enter source port number (for example, 0). Port number: 0 through 65535.
Source prefix	Enter source IPv4 or IPv6 address prefix to filter the packets.
Destination port	Enter destination port number (for example, 0). Port number: 0 through 65535.
Destination prefix	Enter destination IPv4 or IPv6 address prefix to filter the packets.
Additional Options
Packet capture file name	Enter a packet capture file name. You can view the PCAP file using the Wireshark. Default file name is packet-capture.
Maximum file size	Select the maximum size of the packet capture file. Range: 1 through 1024. Default is 5 MB.
Maximum capture size	Select the maximum packet capture length. The packet truncates if the capture length is more than the specified length. Range: 68 through 10000. Default is 1514.
Packet limit	Select the packet capture limit value. The packet capture ends when the packets count limit is reached. Range: 10 through 1000000. Default is 100.