Converting Netscreen Snoop to PCAP (a useful format for network analysers like Wireshark)

 Collecting Snoop Captures:    

1.  Check current Snoop status using:  snoop info

2.  If snoop is currently running, turn it off using: snoop off

3.  If snoop filters are setup, delete them with:  snoop filter delete

4.  Ensure that all debugging is turned off with:  undebug all

5.  Create your own snoop filter with:  snoop filter ip

6.  Turn on detailed debugging with:  snoop detail

7.  Clear the database with:  clear db

8.  Turn on Snoop with:  snoop

9.  Test connectivity to capture traffic

10. View the capture using:  get db stream

Converting Snoop Capture to PCAP:    

1.  Copy and paste the output of get db stream to a text file.

2.  Save it to the D:\Juniper-PCAP folder

  • NOTE: Filenames & Paths cannot have spaces

3.  On Server, in the D:\Juniper-PCAP folder, run snoopconv.exe

4.  When prompted enter the name of the text file you created.

5.  When prompted enter the name of a destination .pcap file

6.  View the newly created file using Wireshark / Ethereal
