Policy Framework Configuration Guide - Juniper Networks

Junos 10.4 Policy Framework Configuration Guide
packet-capture {
disable;
file filename file-name ;
maximum-capture-size bytes;
}
To disable packet capture, include the disable statement. Packet capture is enabled by
default.
You can capture packets into files. Files are classified based on the physical interface
the packets are captured on (one file per physical interface). You can specify the file
name, maximum size, and maximum number of files. When you capture a file named
pcap-file, packet capture creates one file for each physical interface and appends the
physical interface designator to the filename (for example, at). When the file named
pcap-file.xx reaches its maximum size, the file is renamed pcap-file.xx.0. When pcap-file.xx
reaches its maximum size again, the file is renamed pcap-file.xx.1. This process continues
until the maximum number of files is exceeded. When that happens, the oldest file is
overwritten. The file named pcap-file.xx is always the latest file. The packet capture file
for an interface is created when the first packet is captured on that interface. Once
created, this file is not removed even if packet capture is disabled on the interface. All
packet capture files are stored in the /var/tmp/ directory.
If the PCAP file is deleted from the var/tmp/ directory, the file is not re-created upon the
next packet capture traffic on the interface. You must first disable and then enable PCAP
functionality again to re-create the PCAP file.
To enable capture into files, include the file statement. You can specify the target filename,
maximum file size, and the maximum number of files. To specify the name of the target
file, include the filename statement. To specify the maximum size of the file, include the
size statement. To specify the maximum number of files, include the files statement.
To specify the maximum size of the packet for capture, include the maximum-capture-size
statement.
You can capture packets on a specific interface by configuring either of the following:
• Configure a firewall filter with the action sample and apply it to the interface.
• Configure sampling on the interface in the ingress or egress traffic.
NOTE: Interface sampling does not capture host-originated packets.
Configure firewall filters to capture host-originated packets.
NOTE: A firewall filter applied to a loopback interface (lo0) affects all
packets going to and from the Routing Engine.
You can capture packets on a specific interface. For information about configuring
interfaces, see the Junos OS Network Interfaces Configuration Guide.
380
Copyright © 2010, Juniper Networks, Inc.