Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[EX] Analyzer does not capture packets when input parameters are configured

0

0

Article ID: KB32300 KB Last Updated: 26 Dec 2017Version: 1.0
Summary:

This article describes the issue where the packets are not forwarded to the analyzer when input parameters - rate or maximum-packet-length - are configured.

Symptoms:

No packets are seen in the captures when the analyzer is configured as below:

forwarding-options {
    analyzer {
        TEST {
            input {
                rate 10;
                maximum-packet-length 9000;
                ingress {
                    interface ge-5/3/9;
                }                       
                egress {
                    interface ge-5/3/9;
                }
            }
            output {
                interface ge-5/3/8;
                }
            }
        }
    }
}
  • The 'rate’ command is used to set the ratio of the number of packets to be sampled. For example, if you specify a rate of 10, every tenth packet (1 packet out of 10) is sampled. Range: 1 through 65,535 (default 1, this means all the packets are sent for mirroring)
  • The ‘maximum-packet-length’ command is used to set the maximum length of the packet used for port mirroring or traffic sampling. Packets with lengths greater than the specified maximum are truncated. Range: 0 through 9216 (default 0, this means the entire packet without truncating).

 Even using the default parameters in the analyzer configuration, we do not get any captures.

Solution:

Configuring the analyzer without input parameters defined is referred to as the Default Analyzer, which will be applied at the global level. In the default analyzer level, there is no need to bind the analyzer to the physical ports.

When the analyzer is configured with input parameters defined, it referred to as a Statistical Analyzer. In the statistical analyzer level, you need to bind the analyzer to the physical ports at chassis level; for example:

                set chassis fpc <fpc_name> port-mirror-instance <analyzer_name>
 

In our example, since we are monitoring the ge-5/3/9 interface located in FPC 5, the following command needs to be committed to bind the statistical analyzer to the FPC that contains the input interface.

                set chassis fpc 5 port-mirror-instance TEST
 
After executing the above command, packets captured by the sniffer, as per the parameters configured.


For more information and example configurations, see Understanding Port Mirroring Analyzers.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search