
Juniper Netscreen

Constructor : Juniper

Device : Netscreen

Theoretical injector performance

9956 EPS

Log format : Firewall Traffic

Standard Structure of a traffic log message :

PFIRN102: NetScreen device_id=SPFIRN102 [Root]system-notification-00257(traffic): start_time=\"2016-01-28 05:12:31\" duration=2 policy_id=14 service=http proto=6 src zone=Sas dst zone=Internet action=Permit sent=724 rcvd=674 src=192.168.155.25 dst=62.210.93.8 src_port=45731 dst_port=80 src-xlated ip=192.168.155.25 port=45731 dst-xlated ip=62.210.93.8 port=80 session_id=231854 reason=Close

| Constructor field | LMC field |
|---|---|
| Device Model | [obs][host][name] |
| Device Serial Number | [netscreen][device_id] |
| Severity Level | [alarm][sev] |
| Type ID | [netscreen][type_id] |
| Type | [type] |
| Start Time | [obs][ts] |
| Duration | [session][duration] |
| Traffic Policy | [netscreen][policy_id] |
| Service | [netscreen][service] |
| Protocol Number | [app][proto][id] |
| Source Zone | [netscreen][src_zone] |
| Destination Zone | [netscreen][dst_zone] |
| Policy Action | [action] |
| Bytes Sent | [session][out][byte] |
| Bytes Received | [session][in][byte] |
| Source IP Address | [init][host][ip] |
| Destination IP Address | [target][host][ip] |
| Source Port | [init][host][port] |
| Destination Port | [target][host][port] |
| Source NAT IP Address | [init][nat][host][ip] |
| Destination NAT IP | [target][nat][host][ip] |
| Source NAT Port | [init][host][nat][port] |
| Destination NAT Port | [target][host][nat][port] |
| session_id | [session][id] |
| session_reason | [netscreen][session_reason] |

Example :

version 6

SN103: NetScreen device_id=SN103 [Root]system-notification-00257(traffic): start_time=\"2016-01-28 05:12:31\" duration=2 policy_id=14 service=http proto=6 src zone=Sas dst zone=Internet action=Permit sent=724 rcvd=674 src=192.168.155.25 dst=62.200.90.8 src_port=45731 dst_port=80 src-xlated ip=192.168.155.25 port=45731 dst-xlated ip=62.200.91.2 port=80 session_id=231854 reason=Close

version 4

ns204: NetScreen device_id=netscreen2 [Root]system-notification-00257(traffic): start_time= duration=0 policy id=320001 service=msrpc Endpoint Mapper(tcp) proto=6 src zone=Null dst zone=self action=Deny sent=0 rcvd=16384 src=21.10.90.125 dst=23.16.1.1

Unit Test

unit_traffic_permit.json unit_traffic_deny.json unit_traffic_tunnel.json
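
The field extraction that the traffic mapping above implies, as an added Python example (not the LMC parser's own code and not part of the original page). It handles keys that contain spaces, the `port` key that appears twice, quoted values, and the empty `start_time=` of the version 4 message. Pairing the raw keys with the table's LMC fields, and reading `system-notification-00257(traffic)` as module-severity-type ID(type), are assumptions of this example.

```python
import re

# Raw key -> LMC field (LMC names from the page's table; the key pairing is assumed).
FIELD_MAP = {
    "start_time": "[obs][ts]", "duration": "[session][duration]",
    "policy_id": "[netscreen][policy_id]", "policy id": "[netscreen][policy_id]",
    "service": "[netscreen][service]", "proto": "[app][proto][id]",
    "src zone": "[netscreen][src_zone]", "dst zone": "[netscreen][dst_zone]",
    "action": "[action]", "sent": "[session][out][byte]", "rcvd": "[session][in][byte]",
    "src": "[init][host][ip]", "dst": "[target][host][ip]",
    "src_port": "[init][host][port]", "dst_port": "[target][host][port]",
    "src-xlated ip": "[init][nat][host][ip]", "dst-xlated ip": "[target][nat][host][ip]",
    "session_id": "[session][id]", "reason": "[netscreen][session_reason]",
}
# The bare "port" key occurs twice; its meaning depends on the key just before it.
NAT_PORT = {"src-xlated ip": "[init][host][nat][port]",
            "dst-xlated ip": "[target][host][nat][port]"}
HEADER = re.compile(r"device_id=(\S+)\s+\[[^\]]*\]\w+-(\w+)-(\d+)\((\w+)\):\s*(.*)", re.S)
KEY_RE = re.compile(r"(?:^|\s)(%s)=" % "|".join(map(re.escape, [*FIELD_MAP, "port"])))

def parse_traffic(line):
    """Return a flat {LMC field: value} dict, or None if the header is not recognised."""
    head = HEADER.search(line)
    if head is None:
        return None
    doc = dict(zip(("[netscreen][device_id]", "[alarm][sev]",
                    "[netscreen][type_id]", "[type]"), head.groups()))
    body, prev = head.group(5), None
    hits = list(KEY_RE.finditer(body))
    for i, hit in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(body)
        key, value = hit.group(1), body[hit.end():end].strip(' \\"')
        field = NAT_PORT.get(prev) if key == "port" else FIELD_MAP[key]
        if field and value:            # skip empty values such as "start_time="
            doc[field] = value
        prev = key
    return doc

# The page's two example messages (version 6 and version 4), copied as-is.
V6 = (r'SN103: NetScreen device_id=SN103 [Root]system-notification-00257(traffic): '
      r'start_time=\"2016-01-28 05:12:31\" duration=2 policy_id=14 service=http proto=6 '
      r'src zone=Sas dst zone=Internet action=Permit sent=724 rcvd=674 src=192.168.155.25 '
      r'dst=62.200.90.8 src_port=45731 dst_port=80 src-xlated ip=192.168.155.25 port=45731 '
      r'dst-xlated ip=62.200.91.2 port=80 session_id=231854 reason=Close')
V4 = (r'ns204: NetScreen device_id=netscreen2 [Root]system-notification-00257(traffic): '
      r'start_time= duration=0 policy id=320001 service=msrpc Endpoint Mapper(tcp) proto=6 '
      r'src zone=Null dst zone=self action=Deny sent=0 rcvd=16384 src=21.10.90.125 dst=23.16.1.1')
if __name__ == "__main__":
    print(parse_traffic(V6), parse_traffic(V4), sep="\n")
```

Values are kept as strings; splitting on known keys rather than on whitespace is what keeps `service=msrpc Endpoint Mapper(tcp)` in one field.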

Log format : Idp


| Constructor field | LMC field |
|---|---|
| Log ID | not used |
| Time Received | [rep][ts] |
| Alert | [netscreen][alert] |
| Src Addr | [init][host][ip] |
| Dst Addr | [target][host][ip] |
| Action | [action] |
| Protocol | [app][proto][name] |
| Dst Port | [target][host][port] |
| Rule # | [rule][id] |
| Nat Src Addr | [init][nat][host][ip] |
| Nat Dst Addr | [target][nat][host][ip] |
| Details | [netscreen][misc] |
| Category | [netscreen][category] |
| Subcategory | [netscreen][attack] |
| Severity | [alarm][sev] |
| Device | [init][usr][name] |
| Comment | [session][out][byte] |
| Application Name | [app][name] |
| Bytes In | [session][in][byte] |
| Bytes Out | [session][out][byte] |
| Bytes Total | not used |
| Domain | [init][usr][domain] |
| Device family | not used |
| Dst Intf | [netscreen][outbound_interface] |
| Dst Zone | [netscreen][destination_zone] |
| Elapsed Secs | [session][duration] |
| Has Packet Data | not used |
| NAT Dst Port | [target][host][nat][port] |
| NAT Src Port | [init][host][nat][port] |
| Packets In | [session][in][packet] |
| Packets Out | [session][out][packet] |
| Packets Total | not used |
| Policy | [netscreen][policy] |
| Roles | not used |
| Rule Domain | not used |
| Rule Domain Ver | not used |
| Rulebase | [rule][name] |
| Src Intf | [netscreen][inbound_interface] |
| Src Port | [init][host][port] |
| Src Zone | [netscreen][source_zone] |
| Time Generated | [obs][ts] |
| User | [init][usr][name] |

Example : dayId=2006/10|/12 21:52:21 device_ip= attack= srcAddr= natSrcPort= dstAddr= natDstPort= policy= severity= outbytes= repCount= misc=

Unit Test

unit_idp.json