Changing Encapsulation on Interfaces with Packet Capture Configured
Before modifying the encapsulation on a device interface that is configured for packet capture, you must disable packet capture and rename the latest packet capture file. Otherwise, packet capture saves the packets with different encapsulations in the same packet capture file. Packet files containing packets with different encapsulations are not useful, because packet analyzer tools like tcpdump cannot analyze such files.
To see ARP traffic, use the tcpdump command: 1.) Get to the UNIX prompt via start shell. 2.) tcpdump -x -i ge-2/1/0 arp [The interface is a Gigabit Ethernet (ge) interface in FPC 2, PIC 1, port 0.]
The user has configured the SRX device to send event and flow data to STRM. TCPDUMP on the STRM interface with a filter for the SRX's logging interface shows packets received, but no flow data is seen in the WebUI.
A soft restart of STRM services and a hard reset of the unit do not help. TCPDUMP on the incoming interface shows that events are being received on STRM's physical interface. Due to a power recycle or corrupted configuration files, the following errors may be seen in /var/log/qradar.log
Troubleshooting Juniper's dhcp-relay implementation: 1. Is the Juniper receiving the DHCP or BOOTP requests from the client on the interface toward the client? From the shell: tcpdump -i
If events still do not appear, make sure that Syslog traffic is received on the STRM network interface by capturing traffic from the STRM Linux shell: # tcpdump -i eth0 -n port 514 and host IPADDRESSOFTHEDEVICE (assuming Syslog is using port 514).