Archive for December, 2011

It may be necessary to adjust the ARP cache timeout on your Juniper firewall, otherwise known as the arp age. Log in through SSH and search the config to see if an arp age is already set:

get config | inc arp

If nothing is returned, the arp age is set to the default of 20 minutes. To set this timeout value, use the “set arp age” command followed by the number of seconds. For example, the following command will set the ARP cache timeout to 60 seconds:

set arp age 60

Make sure to save this change with the “save” command, or it will be reverted the next time the firewall is rebooted:

save

Wireshark offers command line options which allow users to capture traffic through a batch file. This also means the built-in Windows scheduled task feature can be used to schedule a capture.

Example batch file:

"C:\Program Files\Wireshark\tshark.exe" -a duration:14400 -a filesize:20480 -a files:512 -w "C:\Program Files\Wireshark\captures\Packet_Capture.pcap"

-w: Specifies the output file:
In this example it will create the following file and increment the names if multiple files are being created:
C:\Program Files\Wireshark\captures\Packet_Capture.pcap

-a: Capture autostop conditions in the example above:
duration: Stop after 14400 seconds (4 hours)
filesize: Create a new file after it reaches 20480KB (20MB)
files: Stop creating new files after it reaches 512 (512 x 20MB = 10GB total)

For a full list of command line options use “wireshark -h” in a command prompt or take a look at the Wireshark command line help page.
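
A PowerShell wrapper around the same capture, added here as an example and not part of the original post: it refuses to start unless the drive can hold the worst-case 512 x 20MB capture set, then runs tshark with the options above, and can register itself as a daily scheduled task. The task name, the 02:00 start time and the function names are assumptions, and the ScheduledTasks cmdlets require Windows 8 / Server 2012 or later.

```powershell
# Added example, not from the original post. Paths and autostop values are the
# ones on this page; the task name and 02:00 start time are assumptions.
param([switch]$Register)

$Tshark     = 'C:\Program Files\Wireshark\tshark.exe'
$CaptureDir = 'C:\Program Files\Wireshark\captures'
$Duration   = 14400   # seconds (4 hours)
$FileSizeKB = 20480   # per-file limit (20MB)
$MaxFiles   = 512     # stop after this many files

function Get-CaptureBudgetBytes([int64]$SizeKB, [int64]$Files) {
    # Worst case: every file grows to the size limit (512 x 20MB = 10GB).
    return $SizeKB * 1024 * $Files
}

function Start-BoundedCapture {
    if (-not (Test-Path -LiteralPath $Tshark)) { throw "tshark not found at $Tshark" }
    # Create the output directory up front so the capture does not fail on a missing path.
    New-Item -ItemType Directory -Path $CaptureDir -Force | Out-Null

    # Refuse to start if the volume cannot hold the worst-case capture set.
    $budget = Get-CaptureBudgetBytes $FileSizeKB $MaxFiles
    $letter = (Split-Path $CaptureDir -Qualifier).TrimEnd(':')
    $drive  = Get-PSDrive -Name $letter
    if ($drive.Free -lt $budget) {
        throw "Need $budget bytes on drive $letter but only $($drive.Free) are free"
    }

    & $Tshark -a "duration:$Duration" -a "filesize:$FileSizeKB" -a "files:$MaxFiles" `
        -w (Join-Path $CaptureDir 'Packet_Capture.pcap')
    if ($LASTEXITCODE -ne 0) { throw "tshark exited with code $LASTEXITCODE" }
}

function Register-CaptureTask {
    # Run this same script daily; the task runs as the registering user.
    $action  = New-ScheduledTaskAction -Execute 'powershell.exe' `
        -Argument "-NoProfile -File `"$PSCommandPath`""
    $trigger = New-ScheduledTaskTrigger -Daily -At '02:00'
    Register-ScheduledTask -TaskName 'Wireshark-Capture' -Action $action -Trigger $trigger
}

if ($Register) { Register-CaptureTask } else { Start-BoundedCapture }
```

Run the script once with -Register from an elevated prompt to create the task; without the switch it performs the capture directly.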