In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is available starting with 6.0.
The profiling is only available in CLI, so you need to know how to get there by a serial attached terminal emulation, or telnet / ssh. This is not covered here.
General CLI tip
At all times, you can type unique starting parts of the commands:
get fpro pac stop
and if you can't remember the syntax, just put a question mark after your command to get further help:
get fpro pac ?
or press [Tab] for auto-complete and help
1. Preparation of profiling
The preparation can be done at any time, and needs not to be changed once set up.
unset fprofile packet wrap
set fprofile packet enable
set fprofile packet count 16
The count is measured in kilo-packets, allowed are 1-256
2. Start and stop profiling
set fprofile packet start
If you set up nowrap (like above), profiling ends automatically as soon as the packet count is reached. If you set wrap mode, the buffer used is overwritten until you issue a
set fprofile packet stop
I've seen no CPU effect if you leave fprofile enabled (but stopped), however you can disable that to be safe:
unset fprofile packet enable
After disabling fprofile, the collected profile data is not available anymore, even after reenabling.
If you want to check the actual state of the profiling enginge:
shows state of fprofile: enabled and start or stop.
3. Viewing the profile