Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

How to view the packet data via the NSM log viewer

0

0

Article ID: KB5949 KB Last Updated: 04 Dec 2012Version: 4.0
Summary:

This article provides information on how to view packet data via the NSM log viewer.

Symptoms:
  • Use an external viewer.

  • View the packet data

  • View the session ID.
Cause:

Solution:

The following solution is applicable to IDP 4.0 or later.

To view the packet data within the NSM log viewer, perform the following procedure:

  1. Go to the Tools menu and click Preferences.

  2. In the Local Information section, click the browse button that is located next to Packet viewer.

  3. Browse to the path of the executable for the packet browser (that is, Wireshark is usually located at c:\Program Files\Wireshark\wireshark.exe).

  4. To enable packet logging within a selected policy rule, right-click in the Notification area, and select the packet count; before and after the attack.

When the traffic that matches the selected attacks is generated, perform the following procedure:
  1. In the NSM log viewer, go to the View menu and click Choose columns.

  2. Select the has packet data check box.

  3. Confirm in the dialog box to accept the changes.

  4. When viewing the IDP/DI logs, scroll horizontally for the has packet data column.

  5. Right-click the Packet Data Available and select Show Packet Data In External Viewer. This should import the packet data into the Wireshark application. The user can interactively browse the captured data and view the summary and detail information for each packet.

  6. To save the packet data on your local machine for further analysis, click Show Packet Data in the External Viewer; as mentioned above. You may find a file option at the top; click File > Save. This will allow you to save the packet capture on your local machine.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search