Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] How do you use Snoop for troubleshooting?

0

0

Article ID: KB5411 KB Last Updated: 23 Dec 2019Version: 7.0
Summary:

This article answers the following questions:

  • Is there a way to collect packet capture on the ScreenOS device?

  • How do you use Snoop for troubleshooting?

 

Symptoms:

Users may want to use the snoop utility.

 

Solution:

Snoop is a powerful troubleshooting tool that gives users the ability to view packet information from layer-2 to layer-4 as it comes into and out of firewall interfaces. The typical procedure when using snoop is detailed as follows:

  1. Set the firewall to send the snoop output to the debug buffer (it is on by default):
set console dbuf [Enter]
  1. Create and verify the desired snoop filters. For additional details, consult  KB6586 - What options are available when configuring snoop? and KB6707 - Understanding how to apply logical AND or OR snoop filters.
snoop <options> [Enter]
snoop info         (to see settings)
  1. Clear the debug buffer:
clear db [Enter]

Note: The debug buffer is a circular buffer. After the buffer has reached its size limit, the oldest data will be overwritten. The buffer size is configurable. To change the size, use the following command:

set db size <n_size>
where n_size = 32 to 4096. The size range is in kilobytes
  1. Enable snoop:
snoop [Enter]
Start Snoop, type ESC or 'snoop off' to stop, continue? [y]/n y
  1. After testing, disable snoop:
snoop off [Enter]
  1. View the contents of the debug buffer.  For assistance, consult: KB6708 - How do I interpret the snoop output? and KB5413 - Following a packet using Snoop.
get dbuf stream [Enter]

Note: This does not look at packets as they traverse the flow engine within ScreenOS. To achieve this, refer to KB5536 - [ScreenOS] How do I capture debugging (debug flow) information?

 

Modification History:

2019-12-23: Added note in the Solution section that this does not debug flow of a packet; added link referencing the debug flow procedure.

 

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search