Noynim IT Solutions of Denver, Colorado » Juniper Netscreen http://www.noynim.com Denver Computer Support Mon, 26 Dec 2011 22:31:53 +0000 en hourly 1 http://wordpress.org/?v=3.3 Sniffing Snoop on Netscreen/Juniper Firewalls http://www.noynim.com/2009/12/19/sniffing-snoop-netscreen-firewalls/ http://www.noynim.com/2009/12/19/sniffing-snoop-netscreen-firewalls/#comments Sat, 19 Dec 2009 05:06:59 +0000 Noynim IT Solutions http://www.noynim.com/dev/?p=31 If you want to sniff traffic on a juniper netscreen firewall you will need to use the snoop command. The best thing to do is the following:

Filter out what you want to look for.  If you want to filter out anything coming and going into 192.168.0.1 you will need to do the following:

Snoop filter IP 192.168.0.1

Once you turn on the filter, you will need to enable snoop which is done by just typing in snoop.

After you generate the traffic you will use the get dbuf command to view it.

One dbuf command that i like is ‘get dbuf stream’. If you want to see other commands just issue a ? after the command. For example, you can issue ‘get dbuf ?’ which will show the following:

computer repair Denver-> get dbuf ?
info show debug buffer info
mem show debug buffer memory content
stream show debug buffer stream

So, to recap you can issue the following commands to sniff and view traffic for 192.168.0.1 (both incoming and outgoing)

snoop filter ip 192.168.0.1
snoop
get dbuf stream

Once you are done, you can issue ’snoop off’ to turn the sniffing off.

]]> http://www.noynim.com/2009/12/19/sniffing-snoop-netscreen-firewalls/feed/ 0