Sniffing Snoop on Netscreen/Juniper Firewalls
If you want to sniff traffic on a Juniper NetScreen firewall, you will need to use the snoop command. The best thing to do is the following:
First, set a filter for the traffic you want to look at. If you want to capture only the traffic going to and coming from 192.168.0.1, you will need to do the following:
snoop filter ip 192.168.0.1
Once you have set the filter, you will need to enable snoop, which is done by just typing snoop.
After you generate the traffic, use the get dbuf command to view it.
One dbuf command that I like is ‘get dbuf stream’. If you want to see the other options, just issue a ? after the command. For example, you can issue ‘get dbuf ?’, which will show the following:
computer repair Denver-> get dbuf ?
info      show debug buffer info
mem       show debug buffer memory content
stream    show debug buffer stream
So, to recap, you can issue the following commands to sniff and view traffic for 192.168.0.1 (both incoming and outgoing), enabling snoop after setting the filter as described above:
snoop filter ip 192.168.0.1
get dbuf stream
Once you are done, you can issue ‘snoop off’ to turn the sniffing off.