zeldor.biz

Linux, programming and more

Debug on a Juniper firewall

by Leave a Comment

Example, you want to debug a connection from a client(192.168.110.20) to the internet (google – 8.8.8.8).

From your client you start a continuous ping to 8.8.8.8, now you are able to debug the traffic on your juniper device.

Go via SSH to your Juniper:

1

ssh netscreen@192.168.110.1
1
2
3
4

320-node2(M)->
320-node2(M)-> undebug all
320-node2(M)-> get ffilter
320-node2(M)->clear db

Create new filter:

1
2
3
4
5
6
7
8
9
10

320-node2(M)-&gt; set ffilter <return>
# Available debug options:
dst-ip flow filter dst ip
dst-port flow filter dst port
ip-proto flow filter ip proto
src-ip flow filter src ip
src-port flow filter src port
320-node2(M)-&gt; set ffilter src-ip 192.168.110.20 dst-ip 8.8.8.8
320-node2(M)-&gt; debug flow basic
</return>

View dump:

1

320-node2(M)-&gt; get db stream

Categories

Archives

Tags

apache2 Apple arduino ARM Automation backup bash Cisco Cluster Corosync Database Debian Debian squeeze DIY DNS Fedora FTP Fun Icinga Ipv6 KVM Linux LVM MAC OS X Monitoring MySQL Nagios Nginx openSUSE OpenVPN PHP Proxy Python python3 qemu RAID rsync Samba security ssh Ubuntu virtualization Windows Windows 7 Wordpress

Leave a Reply

Your email address will not be published. Required fields are marked *