Like on a juniper SRX you can conduct packet captures within PAN-OS. I will show you how.
1st it's ideal to specify a filter this limits the information you capture to just the traffic that you want. If your working with support or a sysadmin it's ideal to set capture filters for what your looking at.
e.g ( to look at src/dst of 192.0.2.1 192.0.0.244 )
debug dataplane packet-diag set filter match source 192.0.2.1
debug dataplane packet-diag set filter match destination 192.0.0.244
debug dataplane packet-diag set filter on
Now you can prepare the capture;
debug dataplane packet-diag set capture stage drop file <filename>
debug dataplane packet-diag set capture stage transmit file <filename>
debug dataplane packet-diag set capture stage receive file <filename>
debug dataplane packet-diag set capture stage firewall file <filename>
Now you can enable the capture;
debug dataplane packet-diag set capture on
Now you can view the name capture file or export the capture via SCP or TFTP
(view)
view-pcap follow yes filter-pcap
(exportation )
scp export filter-pcap from <filename> to username@<host IP>:/path
tftp export filter-pcap from <filename> to <host IP>
Ken Felix
NSE ( Network Security Expert) and Route/Switching Engineer.
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( * * )=
o
/ \
Palo Alto Firewall Palo Alto Firewall Training "
ReplyDeletePalo Alto Firewall Online Training
Send ur Enquiry to contact@21cssindia.com
Module 0: Overview
Module 1: Platforms & Architecture
Hardware Platforms" more… Online Training- Corporate Training- IT Support U Can Reach Us On +917386622889 - +919000444287 http://www.21cssindia.com/courses/palo-alto-firewall-online-training-251.html