HostA (1.1.1.1) is sending TCP traffic to HostB (2.2.2.2). You need to capture the TCP packets
locally on the SRX240. Which configuration would you use to enable this capture?
A.
[edit security flow]
user@srx# show
traceoptions {
file dump;
flag basic-datapath;
}
B.
[edit security]
user@srx# show
application-tracking {
enable;
}
flow {
traceoptions {
file dump;
flag basic-datapath;
}
}
C.
[edit firewall filter capture term one]
user@srx# show
from {
source-address {
1.1.1.1;
}
destination-address {
2.2.2.2;
}
protocol tcp;
}
then {
port-mirror;
accept;
}
D.
[edit firewall filter capture term one]
user@srx# show
from {
source-address {
1.1.1.1;
}
destination-address {
2.2.2.2;
}
protocol tcp;
}
then {
sample;
accept;
}
Explanation:
Reference:http://khurramkhalid.wordpress.com/2012/05/22/packet-capture-on-srx-devices/
On SRX the capture traffic is with edit security debug or edit security flow traceoptions, but firewall filter??? any comments?
0
0