Hi Skeeve, There are a few ways to do it. 1. You could login to the shell as root and tcpdump the interface to a capture file, this won't be "live" but you can roll files over. http://www.fir3net.com/Juniper-SRX-Series-Gateway/running-a-packet-capture-on-a-juniper-srx.html
2. You could also monitor the traffic for live visibility "monitor interface <X.y> extensive no-resolve size <mtu>" without quotations, and set <> enclosed to match your configuration. I believe SRX210H have 1GB flash so the latter may be better. 3. Alternately set the forwarding options to capture the file (if platform supports it) http://kb.juniper.net/InfoCenter/index?page=content&id=KB11709 4. Mirror the port to a host and capture with wireshark. http://kb.juniper.net/InfoCenter/index?page=content&id=KB21833 Regards, Leo Mallett -----Original Message----- From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Skeeve Stevens Sent: Monday, August 12, 2013 3:12 PM To: juniper-nsp@puck.nether.net Subject: [j-nsp] SRX210 + AppTrack. How to analyse? Hey all, I have a customer in a bandwidth sensitive location (expensive and slow), and they would like to know what is going through their device, and who is doing it. In Cisco terms, this was NBAR - we used it many times to track down bandwidth hogs. This is a small branch site using a SRX210H, and obviously STRM is too expensive for a reporting engine. So what I am looking for is... How can we look at their device, and see what is happening (preferably live) on a protocol and user (IP?) basis. I understand it can export to syslog, but that just gives me lots of text to deal with... nothing that is easy to look at. Thank you for helping out guys! ...Skeeve *Skeeve Stevens - *eintellego Networks Pty Ltd ske...@eintellegonetworks.com ; www.eintellegonetworks.com Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve facebook.com/eintellegonetworks ; <http://twitter.com/networkceoau> linkedin.com/in/skeeve twitter.com/networkceoau ; blog: www.network-ceo.net The Experts Who The Experts Call Juniper - Cisco - Cloud _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
