[ScreenOS] Snoop and debug flow


Debug flow basic:
Understanding debug flow filters: https://kb.juniper.net/InfoCenter/index?page=content&id=KB6709&actp=METADATA
Running "debug flow basic": https://kb.juniper.net/InfoCenter/index?page=content&id=KB12208
How do I capture debugging (debug flow) information?: https://kb.juniper.net/InfoCenter/index?page=content&id=KB5536&actp=METADATA
When to use 'snoop' and 'debug flow': https://kb.juniper.net/InfoCenter/index?page=content&id=KB5967&actp=METADATA

Snoop:
How do you use Snoop for troubleshooting?: https://kb.juniper.net/InfoCenter/index?page=content&id=KB5411&actp=METADATA
What options are available when configuring snoop?: https://kb.juniper.net/InfoCenter/index?page=content&id=KB6586&actp=METADATA
How to apply the logical 'AND' or 'OR' snoop filters: https://kb.juniper.net/InfoCenter/index?page=content&id=KB6707&actp=METADATA
How do I interpret the snoop output?: https://kb.juniper.net/InfoCenter/index?page=content&id=KB6708&actp=METADATA
How to follow a packet by using Snoop: https://kb.juniper.net/InfoCenter/index?page=content&id=KB5413&actp=METADATA
How do I view snoop output in Wireshark?: https://kb.juniper.net/InfoCenter/index?page=content&id=KB20562&actp=METADATA&act=login

Popular posts from this blog

[IDP Series] NIC Bypass

The internal NICBypass helps prevent a network outage caused by the IDP entering a hang state or experiencing high CPU utilization when the IDP device is in inline mode (transparent mode only). The internal NICBypass uses watchdog timers to achieve this.
The nicBypass script, located in /usr/idp/device/bin/, resets the watchdog timer so that the interfaces do not go into bypass mode while the IDP is working normally. It also restores the interfaces to normal mode if they have gone into bypass mode. The script performs this check, and takes action if required, every "loopInterval" seconds (it sleeps for "loopInterval" seconds between checks).
These two parameters can be configured via the idp.cfg file on the IDP Sensor as shown below:
nicBypass.watchdogInterval             10 (secs)  nicBypass.loopInterval             …

What is vSRX?

vSRX is a virtual firewall appliance for cloud environments. It runs as a VM on hypervisors hosted on x86 hardware.

It is built on Juniper's OS (JunOS); however, unlike the FreeBSD used by JunOS earlier, vSRX is developed on top of Yocto Linux (WindRiver). This allows the appliance to perform better than any other virtual firewall on the market.

vSRX includes the following features:
1. Full Stateful Firewall
2. Routing
3. VPN
4. IPS (Intrusion Detection and Prevention)
5. Application Firewall
6. Antivirus
7. AntiSpam
8. Webfiltering
9. Content-filtering
10. High Availability


[vSRX] Installing on KVM

Two ways:
virt-manager (GUI)
virt-install (CLI)
Other ways (QEMU)

On Server:
uname -a
lscpu (architecture, support virtualization (VT-X), NUMA)
lspci / lspci -vvv |grep Ether
dmidecode
lsmod | grep kvm
virsh -c qemu:///system list
virsh dumpxml <instance ID> (will show configuration file for the VM, similar to .vmx file in vmware)
virsh net-list --all
virsh domiflist <vm-name>
brctl show