Juniper NetScreen snoop output
The Juniper NetScreen firewalls have a build-in snoop command. Unfortunately the only output format of the snoop command is a text-dump to the debug-buffer. On the bright side: it is possible to add the hex-data of all packets so that the packets can be re-constructed with Wireshark or Tshark.
Programs supporting this file type
- Wireshark, TShark (SVN-22533 or later)
How to create this file type
To create the output files, use the following commands (issued on the console port):
set console dbuf
snoop detail len <snaplen 1-1514>
snoop filter ... (see the CLI-help for filter options)
Stop the capture with <ESC> and then display the output with the command "get dbuf stream". Select the text and save it to a file. It is also possible to save the output directly to a tftp-server with the command "get dbuf stream > tftp <host> <filename>"
The timestamp resolution of the output is in tenth of seconds.
The NetScreen-snoop handling is partially functional. It has been tested with files generated with ScreenOS 5.3 on a NS-5GT-WIRELESS-ADSL. Wireshark currently can dissect the ethernet, wifi and adsl packets.
Example capture file
Imported from https://wiki.wireshark.org/NetScreen on 2020-08-11 23:17:15 UTC