1- Increase the size of the dbuf buffer from the default of 32k
set dbuf size 4096
2- By default, snoop will only capture the headers of packets, i.e. 96 bytes. It won't capture the entire packet. If you want to capture the entire packet, you will need to use snoop detail len, where len specifies the amount of data in bytes you wish to capture for each packet, e.g., snoop detail len 256 to capture the first 256 bytes of packets
snoop detail len 256
3- Create a filter so that you see only the pertinent data, unless you want to see everything:
snoop filter ip 10.10.10.10
4- Before starting snoop, make sure that the buffer is empty:
clear dbuf
5- Start snooping:
snoop
6- Make sure to close snoop, as it's resource intensive:
snoop off
7- You can send the captured data to an external TFTP server:
get dbuf stream > tftp 10.10.10.11 capture.pcap
Reference: http://support.moonpoint.com/security/firewalls/netscreen/snoop.php