access-list CAP_OUT_ACL extended permit tcp host 172.20.178.12 host 172.20.188.12 eq 443
access-list CAP_IN_ACL extended permit tcp host 172.20.188.12 host 172.20.178.12 eq 443
capture CAP_OUT interface WAN access-list CAP_OUT_ACL
capture CAP_IN interface WAN access-list CAP_IN_ACL
clear capture CAP_OUT
clear capture CAP_IN
sh capture
sh capture CAP_OUT
Friday, 27 November 2015
Thursday, 5 November 2015
packet-tracer for juniper screen os ... sort of
http://kb.juniper.net/InfoCenter/index?page=content&id=KB5536&actp=search
Set the debug logging to the console (not sure that this is required; it might be an old command)
set console dbuf
Set your filters to match the interesting traffic
set ffilter src-ip xx.xx.xx.xx dst-ip yy.yy.yy.yy
set ffilter src-ip yy.yy.yy.yy dst-ip xx.xx.xx.xx
unset ffilter ? (to remove, usually use id "0")
Start the debug
debug flow basic
(can also use 'debug flow drop' to only see drop/deny)
Generate your traffic
ping yy.yy.yy.yy
Stop the debug
Press ESC when finished or 'undebug all'
Show the debug output
get db stream
Clear the debug to do a fresh test without a wall of text
clear db
There is a lot of output, but if you read through it you should see the routing, NAT and policy (ACL) matching and what happened to the traffic.
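To cut through that wall of text, the following is an added example (not part of the original post) that condenses saved 'get db stream' output to one verdict per packet. The sample lines are constructed to approximate typical 'debug flow basic' output, and the regular expressions are assumptions about that wording, so adjust them to what your ScreenOS version actually prints.

```python
import re

# Constructed sample approximating 'get db stream' output; real text varies by version.
SAMPLE = """\
****** 12345.0: <Trust/ethernet1> packet received [60]******
  ethernet1:10.1.1.5/1024->192.0.2.10/512,1(8/0)<Root>
  search route to (ethernet1, 10.1.1.5->192.0.2.10) in vr trust-vr for vsd-0/flag-0/ifp-null
  routed (x_dst_ip 192.0.2.10) from ethernet1 (ethernet1 in 0) to ethernet3
  policy search from zone 2-> zone 1
  Permitted by policy 7
****** 12346.0: <Trust/ethernet1> packet received [60]******
  ethernet1:10.1.1.5/1025->192.0.2.20/512,1(8/0)<Root>
  routed (x_dst_ip 192.0.2.20) from ethernet1 (ethernet1 in 0) to ethernet3
  policy search from zone 2-> zone 1
  packet dropped, denied by policy
"""

# Assumed line formats (not taken from the post); tune to your device's output.
HEADER = re.compile(r"^\*{6} (\S+): <([^/>]+)/([^>]+)> packet received")
FLOW = re.compile(r"^\s*\S+:(\d+\.\d+\.\d+\.\d+)/(\d+)->(\d+\.\d+\.\d+\.\d+)/(\d+),(\d+)")
ROUTED = re.compile(r"routed \(.*?\) from (\S+) .* to (\S+)$")
PERMIT = re.compile(r"Permitted by policy (\d+)")
DROP = re.compile(r"packet dropped,?\s*(.*)$")

def summarize(text):
    """Return one dict per 'packet received' block: flow, egress interface, verdict."""
    packets, cur = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:  # a new packet block starts here
            cur = {"time": m.group(1), "zone": m.group(2), "in_if": m.group(3),
                   "flow": None, "out_if": None, "verdict": "unknown"}
            packets.append(cur)
            continue
        if cur is None:  # ignore anything before the first header
            continue
        if (m := FLOW.match(line)) and cur["flow"] is None:
            cur["flow"] = "%s:%s -> %s:%s proto %s" % m.groups()
        elif m := ROUTED.search(line):
            cur["out_if"] = m.group(2)
        elif m := PERMIT.search(line):
            cur["verdict"] = "permit (policy %s)" % m.group(1)
        elif m := DROP.search(line):
            cur["verdict"] = "drop: " + (m.group(1) or "no reason given")
    return packets

if __name__ == "__main__":
    for p in summarize(SAMPLE):
        print(p["time"], p["flow"], "out:", p["out_if"], "=>", p["verdict"])
```

A packet left at "unknown" means none of the assumed phrases matched, which is the cue to read that block by hand.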