monitor traffic interface ( debug traffic )

Owned by Jean-luc KRIKER
Last updated: Nov 05, 2020
4 min read


https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/monitor-traffic.html




monitor traffic interface ge-1/1/7.456 extensive no-resolve
mx104 
root@mx104-1> monitor traffic interface ge-1/1/7.456 extensive no-resolve 
Address resolution is OFF.
Listening on ge-1/1/7.456, capture size 1514 bytes

18:01:39.873306 Out 
Juniper PCAP Flags [Ext], PCAP Extension(s) total length 22
Device Media Type Extension TLV #3, length 1, value: Ethernet (1)
Logical Interface Encapsulation Extension TLV #6, length 1, value: Ethernet (14)
Device Interface Index Extension TLV #1, length 2, value: 40960
Logical Interface Index Extension TLV #4, length 4, value: 340
Logical Unit Number Extension TLV #5, length 4, value: 456
-----original packet-----
0c:86:10:c6:5b:85 > 0c:86:10:c6:5b:86, ethertype 802.1Q (0x8100), length 102: vlan 456, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 426
48, offset 0, flags [none], proto: ICMP (1), length: 84) 192.168.56.15 > 192.168.56.18: ICMP echo request, id 10710, seq 0, length 64
18:01:39.873995 In 
Juniper PCAP Flags [Ext, no-L2, In], PCAP Extension(s) total length 22
Device Media Type Extension TLV #3, length 1, value: Ethernet (1)
Logical Interface Encapsulation Extension TLV #6, length 1, value: Ethernet (14)
Device Interface Index Extension TLV #1, length 2, value: 40960
Logical Interface Index Extension TLV #4, length 4, value: 340
Logical Unit Number Extension TLV #5, length 4, value: 456
-----original packet-----
PFE proto 2 (ipv4): (tos 0x0, ttl 64, id 42651, offset 0, flags [none], proto: ICMP (1), length: 84) 192.168.56.18 > 192.168.56.15: I
CMP echo reply, id 10710, seq 0, length 64




EX switch
DHCP

traceoptions and log DHCP


monitor traffic interface ge-0/0/1 layer2-headers matching "port 67"
monitor traffic interface ge-0/0/1 layer2-headers matching "port 67" detail

port 67 extensive 
{primary:node1}
jkriker@srx4200-81> monitor traffic interface reth0 layer2-headers matching "port 67" extensive
Address resolution is ON. Use <no-resolve> to avoid any reverse lookup delay.
Address resolution timeout is 4s.
Listening on reth0, capture size 1514 bytes

12:27:18.123231 bpf_flags 0x87,  In
        Juniper PCAP Flags [Ext, no-L2, In], PCAP Extension(s) total length 16
          Device Media Type Extension TLV #3, length 1, value: Ethernet (1)
          Logical Interface Encapsulation Extension TLV #6, length 1, value: Ethernet (14)
          Device Interface Index Extension TLV #1, length 2, value: 128
          Logical Interface Index Extension TLV #4, length 4, value: 83
        -----original packet-----
Reverse lookup for 0.0.0.0 failed (check DNS reachability).
Other reverse lookup failures will not be reported.
Use <no-resolve> to avoid reverse lookups on IP addresses.

        PFE proto 2 (ipv4): (tos 0x0, ttl 128, id 52449, offset 0, flags [none], proto: UDP (17), length: 330) 0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:0c:29:ef:94:33, length 302, xid 0x58ab0f2e, Flags [none] (0x0000)
          Client-Ethernet-Address 00:0c:29:ef:94:33
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Client-ID Option 61, length 7: ether 00:0c:29:ef:94:33
            Requested-IP Option 50, length 4: 192.168.100.120
            Hostname Option 12, length 15: "DESKTOP-PH6V3UC"
            Vendor-Class Option 60, length 8: "MSFT 5.0"
            Parameter-Request Option 55, length 14:
              Subnet-Mask, Default-Gateway, Domain-Name-Server, Domain-Name
              Router-Discovery, Static-Route, Vendor-Option, Netbios-Name-Server
              Netbios-Node, Netbios-Scope, Option 119, Classless-Static-Route
              Classless-Static-Route-Microsoft, Option 252


12:27:18.262088 bpf_flags 0x80, Out
        Juniper PCAP Flags [Ext], PCAP Extension(s) total length 16
          Device Media Type Extension TLV #3, length 1, value: Ethernet (1)
          Logical Interface Encapsulation Extension TLV #6, length 1, value: Ethernet (14)
          Device Interface Index Extension TLV #1, length 2, value: 128
          Logical Interface Index Extension TLV #4, length 4, value: 83
        -----original packet-----
        00:10:db:ff:10:00 > 00:0c:29:ef:94:33, ethertype 802.1Q (0x8100), length 315: vlan 100, p 6, ethertype IPv4, (tos 0x0, ttl  64, id 30859, offset 0, flags [none], proto: UDP (17), length: 297) 192.168.100.1.bootps > 192.168.100.120.bootpc: [udp sum ok] BOOTP/DHCP, Reply, length 269, xid 0x58ab0f2e, Flags [none] (0x0000)
          Your-IP 192.168.100.120
          Client-Ethernet-Address 00:0c:29:ef:94:33
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Offer
            Lease-Time Option 51, length 4: 86400
            Subnet-Mask Option 1, length 4: 255.255.255.0
            Server-ID Option 54, length 4: 192.168.100.1
            Default-Gateway Option 3, length 4: 192.168.100.1
12:27:23.129245 bpf_flags 0x87,  In
Layer2 Headermonitor traffic interface ge-0/0/1 layer2-headers
monitor traffic interface ge-0/0/1 layer2-headers detail



create a pcaptcpdump on linux
use root tcpdump -i xe-0/0/0.0 -w /var/tmp/dhcp_relay_2.pcap


Read the file

monitor traffic read-file tcpdump_dhcp8.pcap


Copy transfer the file