Capturing and analyzing traffic on a Juniper SRX 650

Setting up the capture on the firewall

$ cli
> configure
> set forwarding-options packet-capture file filename MyCapture files 10
> set forwarding-options packet-capture maximum-capture-size 1500
> set firewall filter MyFilter term capture from source-address <address/wildcard>
> set firewall filter MyFilter term capture from destination-address <address/wildcard>
> set firewall filter MyFilter term capture from protocol <protocol>
> set firewall filter MyFilter term capture then sample
> set firewall filter MyFilter term capture then accept
> set firewall filter MyFilter term allow-all-else then accept
> set interfaces <interface> unit <vlan> family inet filter input MyFilter
> commit

Removing the capture from the firewall

> delete interfaces <interface> unit <vlan> family inet filter input MyFilter
> delete firewall filter MyFilter
> delete forwarding-options packet-capture
> commit

Transferring and analyzing the capture

Retrieve the capture files (MyCapture.<interface>) from /var/tmp/ with an SFTP client, then open them in Wireshark.
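Before opening the files in Wireshark it is worth checking that they actually hold the traffic the filter was meant to sample. The following Python script is an added example, not part of the original post or of Junos: it walks a libpcap file, counts IPv4 (source, destination, protocol) tuples and flags packets snapped by maximum-capture-size. It assumes the capture is a classic libpcap file with an Ethernet or raw-IP link type (other link types are reported but not decoded); the script name and the two-packet sample capture are constructed for the example.

```python
import struct
import sys
from collections import Counter
from ipaddress import IPv4Address

ETHERNET, RAW_IP = 1, 101                       # pcap link types this script decodes (assumption)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

def summarize_capture(data: bytes) -> dict:
    """Count IPv4 (src, dst, proto) tuples and packets snapped by the capture size limit."""
    (magic,) = struct.unpack("<I", data[:4])
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a libpcap file (unknown magic number)")
    _, _, _, _, snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    ip_offset = {ETHERNET: 14, RAW_IP: 0}.get(linktype)
    flows, packets, truncated, offset = Counter(), 0, 0, 24
    while offset + 16 <= len(data):
        _, _, caplen, wirelen = struct.unpack(endian + "IIII", data[offset:offset + 16])
        pkt = data[offset + 16:offset + 16 + caplen]
        if len(pkt) < caplen:                   # record cut short: file still being written or copied
            break
        offset, packets = offset + 16 + caplen, packets + 1
        if caplen < wirelen:                    # snapped by maximum-capture-size (1500 on the page)
            truncated += 1
        if ip_offset is None or len(pkt) < ip_offset + 20 or pkt[ip_offset] >> 4 != 4:
            continue                            # unknown link type, too short, or not IPv4
        if linktype == ETHERNET and pkt[12:14] != b"\x08\x00":
            continue                            # ARP, VLAN-tagged, IPv6, ... are skipped
        ip = pkt[ip_offset:]
        src, dst = IPv4Address(ip[12:16]), IPv4Address(ip[16:20])
        flows[(str(src), str(dst), PROTO_NAMES.get(ip[9], str(ip[9])))] += 1
    return {"linktype": linktype, "snaplen": snaplen, "packets": packets,
            "truncated": truncated, "flows": flows}

def build_sample_capture() -> bytes:
    """Constructed two-packet capture: a full TCP SYN and a UDP packet snapped at 1500 bytes."""
    def ipv4(proto, total_len):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, 64, proto, 0,
                           IPv4Address("10.0.0.1").packed, IPv4Address("192.0.2.10").packed)
    eth = b"\x00" * 12 + b"\x08\x00"
    tcp = eth + ipv4(6, 40) + struct.pack("!HHIIBBHHH", 40000, 443, 0, 0, 0x50, 0x02, 8192, 0, 0)
    udp = (eth + ipv4(17, 1586) + struct.pack("!HHHH", 40000, 53, 1566, 0)).ljust(1500, b"\x00")
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1500, ETHERNET)
    record = lambda pkt, wirelen: struct.pack("<IIII", 0, 0, len(pkt), wirelen) + pkt
    return header + record(tcp, len(tcp)) + record(udp, 1600)

if __name__ == "__main__":                      # usage: python check_capture.py /var/tmp/MyCapture.<interface>
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_capture()
    print(summarize_capture(data))
```

A non-zero truncated count means the capture size limit cut into packets; raise maximum-capture-size if the payloads matter for the analysis.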
