
[Junos Content Encore (formerly MFC)] how to use tcpdump to capture specific packets from existing traffic flows

  [KB23815]


Summary:
This article provides information on how to use tcpdump to capture specific packets from existing traffic flows.
Symptoms:
How to use tcpdump to capture specific packets from existing traffic flows.
Cause:

Solution:
JCE is built on the Linux platform, so you can use the underlying Linux tools to troubleshoot many issues. One tool for capturing traffic is tcpdump. To use it in JCE, you need access to enable mode.
VXA2010-1 > enable          (Issue enable to get into enable mode.)
VXA2010-1 # tcpdump <options>
The following tables list the options that you can use to obtain the correct output:

Command Line options:


   
You can also modify the capture by using the following filters:

Capture Filter Primitives:

 

The following protocols are supported in tcpdump:

  • ARP

  • IP6

  • Slip

  • Ether

  • Link

  • TCP

  • FDDI

  • PPP

  • TR

  • ICMP

  • Radio

  • UDP

  • IP

  • RARP

  • WLAN

The following modifiers can be used:

  • ! or not

  • && or and

  • || or or


The following TCP flags can be used:

  • tcp-urg

  • tcp-rst

  • tcp-ack

  • tcp-syn

  • tcp-push

  • tcp-fin

The following examples are good references on how to use tcpdump:

  • tcpdump udp dst port not 53

  • tcpdump host 10.0.0.1 && host 10.0.0.2

  • tcpdump dst port 80 or 8080
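
The protocol keywords, modifiers and TCP flag names listed above can be combined into one filter that captures only the connection setup and teardown packets of a single existing flow. The script below is an added example, not part of the original article: the function names, the interface eth0, the addresses, the port and the output file name are assumptions, and it is written for a standard Linux shell rather than the JCE CLI.

```shell
#!/bin/sh
# Added example (not from the KB article). Addresses, port, eth0 and flow.pcap
# are constructed sample values.

# flag_expr FLAG... : match TCP packets with ANY of the named flags set.
# Names are libpcap's own (the PSH flag is spelled tcp-push).
flag_expr() {
    fe_mask=""
    for fe_f in "$@"; do
        case "$fe_f" in
            tcp-fin|tcp-syn|tcp-rst|tcp-push|tcp-ack|tcp-urg) ;;
            *) echo "unknown TCP flag: $fe_f" >&2; return 1 ;;
        esac
        fe_mask="${fe_mask:+$fe_mask|}$fe_f"
    done
    [ -n "$fe_mask" ] || { echo "no TCP flag given" >&2; return 1; }
    printf '%s' "tcp[tcpflags] & ($fe_mask) != 0"
}

# flow_filter HOST_A HOST_B PORT [FLAG...] : packets between two hosts on one
# TCP port, optionally narrowed to packets carrying any of the given flags.
flow_filter() {
    ff_expr="host $1 and host $2 and tcp port $3"
    shift 3
    if [ "$#" -gt 0 ]; then
        ff_flags=$(flag_expr "$@") || return 1
        ff_expr="$ff_expr and $ff_flags"
    fi
    printf '%s' "$ff_expr"
}

# Connection setup and teardown only (SYN, FIN, RST) for one existing flow.
FILTER=$(flow_filter 10.0.0.1 10.0.0.2 80 tcp-syn tcp-fin tcp-rst)

# -nn: no name or port resolution; -c 200: stop after 200 packets;
# -w: write a pcap file. The filter is passed as ONE quoted argument so the
# shell does not interpret &, |, ( or ) itself.
echo "tcpdump -nn -i eth0 -c 200 -w flow.pcap '$FILTER'"
```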