Setting up the capture on the firewall
$ cli
> configure
> set forwarding-options packet-capture file filename MyCapture files 10
> set forwarding-options packet-capture maximum-capture-size 1500
> set firewall filter MyFilter term capture from source-address <address/wildcard>
> set firewall filter MyFilter term capture from destination-address <address/wildcard>
> set firewall filter MyFilter term capture from protocol <protocol>
> set firewall filter MyFilter term capture then sample
> set firewall filter MyFilter term capture then accept
> set firewall filter MyFilter term allow-all-else then accept
> set interfaces <interface> unit <vlan> family inet filter input MyFilter
> commit
Removing the capture from the firewall
> delete interfaces <interface> unit <vlan> family inet filter input MyFilter
> delete firewall filter MyFilter
> delete forwarding-options packet-capture
> commit
Transferring and analyzing the capture
Retrieve the capture files (MyCapture.<interface>) located under /var/tmp/ using an SFTP client. Open the files with the Wireshark client.
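As a scripted complement to opening the files in Wireshark, the following added example (not part of the original page) summarizes a retrieved capture file by source, destination and protocol and lists any packets that fall outside what the "capture" term was meant to sample. It assumes a classic libpcap file with Ethernet link type; the function names, addresses and sample bytes are constructed for illustration.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address, ip_network

PROTO = {1: "icmp", 6: "tcp", 17: "udp"}

def summarize_pcap(data: bytes) -> Counter:
    """Count (src, dst, protocol) per IPv4 packet in a classic libpcap byte string."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic libpcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("assumption violated: link type is not Ethernet")
    flows, off = Counter(), 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < incl_len:
            break  # truncated final record, e.g. file copied while being written
        l3 = 18 if frame[12:14] == b"\x81\x00" else 14  # skip one 802.1Q tag
        if frame[l3 - 2:l3] != b"\x08\x00" or len(frame) < l3 + 20:
            continue  # not IPv4
        ip = frame[l3:l3 + 20]
        flows[(str(IPv4Address(ip[12:16])), str(IPv4Address(ip[16:20])),
               PROTO.get(ip[9], str(ip[9])))] += 1
    return flows

def outside_filter(flows, src_net, dst_net, protocol):
    """Return flows that do not match the capture term's source/destination/protocol."""
    src_net, dst_net = ip_network(src_net), ip_network(dst_net)
    return sorted(f for f in flows
                  if IPv4Address(f[0]) not in src_net
                  or IPv4Address(f[1]) not in dst_net or f[2] != protocol)

def build_sample() -> bytes:
    """Constructed capture (not real traffic): two ICMP packets and one UDP packet."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1500, 1)
    for src, dst, proto in [("192.0.2.10", "198.51.100.20", 1)] * 2 + \
                           [("192.0.2.10", "203.0.113.5", 17)]:
        ip = (bytes([0x45, 0]) + struct.pack("!H", 20) + bytes(5) + bytes([proto])
              + bytes(2) + IPv4Address(src).packed + IPv4Address(dst).packed)
        frame = bytes(12) + b"\x08\x00" + ip
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    flows = summarize_pcap(build_sample())
    print(flows, outside_filter(flows, "192.0.2.0/24", "198.51.100.0/24", "icmp"))
```

For a real file, pass `open(path, "rb").read()` to `summarize_pcap`; a non-empty result from `outside_filter` means the capture holds traffic the filter term was not expected to sample.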