https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/monitor-traffic.html#jd0e1189

...





On the client:

request services rpm twamp start client Reflector1


On the client (or the server):


monitor traffic interface ge-0/0/4

Code block: monitor traffic interface
15:33:30.946434 Out
        Juniper PCAP Flags [Ext, no-L2], PCAP Extension(s) total length 16
          Device Media Type Extension TLV #3, length 1, value: Ethernet (1)
          Logical Interface Encapsulation Extension TLV #6, length 1, value: Ethernet (14)
          Device Interface Index Extension TLV #1, length 2, value: 35840
          Logical Interface Index Extension TLV #4, length 4, value: 85
        -----original packet-----
        PFE proto 2 (ipv4): (tos 0x0, ttl 255, id 42543, offset 0, flags [none], proto: UDP (17), length: 88) 10.17.3.1.28287 > 10.217.4.1.28287: [udp sum ok] UDP, length 60
15:33:30.947864  In
        Juniper PCAP Flags [Ext, no-L2, In], PCAP Extension(s) total length 16
          Device Media Type Extension TLV #3, length 1, value: Ethernet (1)
          Logical Interface Encapsulation Extension TLV #6, length 1, value: Ethernet (14)
          Device Interface Index Extension TLV #1, length 2, value: 35840
          Logical Interface Index Extension TLV #4, length 4, value: 85
        -----original packet-----
        PFE proto 2 (ipv4): (tos 0x0, ttl  64, id 42543, offset 0, flags [none], proto: UDP (17), length: 88) 10.217.4.1.28287 > 10.17.3.1.28287: [no cksum] UDP, length 60


monitor traffic interface ge-0/0/4.0



Code block: monitor traffic interface unit 0
monitor traffic interface ge-0/0/4.0

15:27:11.704586 Out IP 10.17.3.1.28275 > 10.217.4.1.28275: UDP, length 60
15:27:11.705899  In IP 10.217.4.1.28275 > 10.17.3.1.28275: UDP, length 60

monitor traffic interface ge-0/0/4.0 detail

15:30:51.376287 Out IP (tos 0x0, ttl 255, id 40744, offset 0, flags [none], proto: UDP (17), length: 88) 
		10.17.3.1.28283 > 10.217.4.1.28283: UDP, length 60
15:30:51.377705  In IP (tos 0x0, ttl  64, id 40744, offset 0, flags [none], proto: UDP (17), length: 88) 
		10.217.4.1.28283 > 10.17.3.1.28283: UDP, length 60




monitor traffic interface ge-0/0/4.0 extensive

14:14:48.148636 Out
        Juniper PCAP Flags [Ext, no-L2], PCAP Extension(s) total length 16
          Device Media Type Extension TLV #3, length 1, value: Ethernet (1)
          Logical Interface Encapsulation Extension TLV #6, length 1, value: Ethernet (14)
          Device Interface Index Extension TLV #1, length 2, value: 35840
          Logical Interface Index Extension TLV #4, length 4, value: 85
        -----original packet-----
        PFE proto 2 (ipv4): (tos 0x0, ttl 255, id 55419, offset 0, flags [none], proto: UDP (17), length: 88) 
		10.17.3.1.28199 > 10.217.4.1.28199: [udp sum ok] UDP, length 60



14:14:48.149982  In
        Juniper PCAP Flags [Ext, no-L2, In], PCAP Extension(s) total length 16
          Device Media Type Extension TLV #3, length 1, value: Ethernet (1)
          Logical Interface Encapsulation Extension TLV #6, length 1, value: Ethernet (14)
          Device Interface Index Extension TLV #1, length 2, value: 35840
          Logical Interface Index Extension TLV #4, length 4, value: 85
        -----original packet-----
        PFE proto 2 (ipv4): (tos 0x0, ttl  64, id 55419, offset 0, flags [none], proto: UDP (17), length: 88) 
		10.217.4.1.28199 > 10.17.3.1.28199: [no cksum] UDP, length 60


Match command:

monitor traffic interface ge-0/0/4 matching "proto 17" no-resolve extensive layer2-headers print-ascii


Code block: extensive with print-ascii
root@SRX340-1-Rack104> monitor traffic interface ge-0/0/4 matching "proto 17" no-resolve extensive layer2-headers print-ascii

Address resolution is OFF.
Listening on ge-0/0/4, capture size 1514 bytes

15:44:39.044967 bpf_flags 0x82, Out
        Juniper PCAP Flags [Ext, no-L2], PCAP Extension(s) total length 16
          Device Media Type Extension TLV #3, length 1, value: Ethernet (1)
          Logical Interface Encapsulation Extension TLV #6, length 1, value: Ethernet (14)
          Device Interface Index Extension TLV #1, length 2, value: 35840
          Logical Interface Index Extension TLV #4, length 4, value: 85
        -----original packet-----
        PFE proto 2 (ipv4): (tos 0x0, ttl 255, id 50138, offset 0, flags [none], proto: UDP (17), length: 88) 10.17.3.1.28305 > 10.217.4.1.28305: [udp sum ok] UDP, length 60
0x0000   0000 0002 4500 0058 c3da 0000 ff11 dbce        ....E..X........
0x0010   0a11 0301 0ad9 0401 6e91 6e91 0044 dff8        ........n.n..D..
0x0020   0000 0000 0000 0000 0000 0000 0001 0000        ................
0x0030   0000 0000 006c 0880 006c 0884 0000 0000        .....l...l......
0x0040   0000 0016 0000 0000 0000 0000 0000 0000        ................
0x0050   006c 1400 0000 0000 0000 0000                  .l..........


15:44:39.046318 bpf_flags 0x87,  In
        Juniper PCAP Flags [Ext, no-L2, In], PCAP Extension(s) total length 16
          Device Media Type Extension TLV #3, length 1, value: Ethernet (1)
          Logical Interface Encapsulation Extension TLV #6, length 1, value: Ethernet (14)
          Device Interface Index Extension TLV #1, length 2, value: 35840
          Logical Interface Index Extension TLV #4, length 4, value: 85
        -----original packet-----
        PFE proto 2 (ipv4): (tos 0x0, ttl  64, id 50138, offset 0, flags [none], proto: UDP (17), length: 88) 10.217.4.1.28305 > 10.17.3.1.28305: [no cksum] UDP, length 60
0x0000   0000 0002 4500 0058 c3da 0000 4011 9acf        ....E..X....@...
0x0010   0ad9 0401 0a11 0301 6e91 6e91 0044 0000        ........n.n..D..
0x0020   0000 0000 e0ac dfd6 6595 feda 0001 0000        ........e.......
0x0030   e0ac dfd6 6595 8969 0000 0000 e0ac dfd7        ....e..i........
0x0040   209f b613 0001 0000 ff00 9611 e0ac dfd7        ................
0x0050   20cc ff21 0000 0000 0000 0000                  ...!........
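
The reflected ("In") packet in the print-ascii dump above can be decoded field by field. This Python script is an added example, not part of the original page or of any Juniper tooling: it rebuilds the bytes from the hex column and unpacks the TWAMP-Test reflector fields as laid out in RFC 5357. It assumes unauthenticated mode and that the leading 4 bytes (0000 0002) are the header the capture prints as "PFE proto 2 (ipv4)".

```python
import re
import struct

# "In" packet from the capture above (print-ascii hex dump, copied from this page).
DUMP = """\
0x0000   0000 0002 4500 0058 c3da 0000 4011 9acf        ....E..X....@...
0x0010   0ad9 0401 0a11 0301 6e91 6e91 0044 0000        ........n.n..D..
0x0020   0000 0000 e0ac dfd6 6595 feda 0001 0000        ........e.......
0x0030   e0ac dfd6 6595 8969 0000 0000 e0ac dfd7        ....e..i........
0x0040   209f b613 0001 0000 ff00 9611 e0ac dfd7        ................
0x0050   20cc ff21 0000 0000 0000 0000                  ...!........
"""

HEX_ROW = re.compile(r"^0x[0-9a-f]+\s+((?:[0-9a-f]{4} )*[0-9a-f]{2,4})")

def dump_to_bytes(dump):
    """Rebuild the raw bytes from the hex column, ignoring the ASCII column."""
    rows = (HEX_ROW.match(line.strip()) for line in dump.splitlines())
    return b"".join(bytes.fromhex(m.group(1)) for m in rows if m)

def parse_reflected(raw, link_hdr=4):
    """Decode an unauthenticated TWAMP-Test reflector packet (RFC 5357, 4.2.1)."""
    ip = raw[link_hdr:]                    # assumption: 4-byte PFE header (0000 0002)
    if ip[0] >> 4 != 4 or ip[9] != 17:
        raise ValueError("not IPv4/UDP")
    ihl = (ip[0] & 0x0F) * 4
    sport, dport, udp_len, _ = struct.unpack("!HHHH", ip[ihl:ihl + 8])
    payload = ip[ihl + 8:ihl + udp_len]
    if len(payload) < 41:
        raise ValueError("too short for a reflected TWAMP-Test packet")
    (seq, tx, _err, _mbz, rx, s_seq, s_tx, _s_err, _mbz2, s_ttl) = struct.unpack(
        "!IQHHQIQHHB", payload[:41])
    return {
        "ports": (sport, dport), "seq": seq,
        "sender_seq": s_seq, "sender_ttl": s_ttl,
        "reflector_dwell_s": (tx - rx) / 2**32,   # receive -> reply, reflector clock only
        "forward_delay_s": (rx - s_tx) / 2**32,   # only valid with synchronised clocks
    }

if __name__ == "__main__":
    for key, value in parse_reflected(dump_to_bytes(DUMP)).items():
        print(f"{key}: {value}")
```

On this capture the Sender TTL field is 255, matching the ttl 255 of the outgoing packet, and the forward delay comes out negative, which is what unsynchronised clocks on the two devices look like.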





Create a pcap file

root@SRX340-1-Rack104% tcpdump -i ge-0/0/4.0 -s 150 -w /var/tmp/twamp_1.pcap




Read a pcap file on the SRX

monitor traffic read-file tcpdump_20_7_18.pcap


Code block: fwd-options packet-captures
#1 Capture file name and maximum captured packet size
set forwarding-options packet-capture file filename testpacketcapture
set forwarding-options packet-capture maximum-capture-size 1500

#2 Firewall filter: sample the flows of interest, accept everything else
set firewall filter PCAP term 1 from source-address 10.17.3.1
set firewall filter PCAP term 1 from destination-address 10.217.4.1
set firewall filter PCAP term 1 then sample
set firewall filter PCAP term 1 then accept
set firewall filter PCAP term 2 from source-address 10.204.115.166
set firewall filter PCAP term 2 from destination-address 10.217.4.1
set firewall filter PCAP term 2 then sample
set firewall filter PCAP term 2 then accept
set firewall filter PCAP term allow-all-else then accept

#3 Apply the filter to the interface in both directions
set interfaces ge-0/0/4 unit 0 family inet filter output PCAP
set interfaces ge-0/0/4 unit 0 family inet filter input PCAP