
[MX] Sample "monitor traffic interface" CLI commands to filter and capture traffic


Article ID: KB33629 | KB Last Updated: 29 Dec 2018 | Version: 1.0
Summary:

This article provides sample monitor traffic interface Command Line Interface (CLI) commands to filter and capture traffic on MX Series devices.

 

Solution:

When troubleshooting host-bound traffic scenarios, one of the more commonly used commands is the monitor traffic interface CLI command, which makes use of the tcpdump utility. This command shows traffic directed to and from a router.

Because it can be overwhelming to capture and analyze traffic on a production device when a lot of it is being exchanged between routers, filters are often used to narrow the capture data.

Given below are some sample monitor traffic interface commands with filters to capture traffic in commonly used scenarios. These commands can be further modified as required by using variables such as address, protocol port, and so on.

  • Match an IP address: monitor traffic interface ge-0/0/x matching "host 10.130.38.94"

  • Match a network: monitor traffic interface ge-0/0/x matching "net 10.1.1.0/24"

  • Match a port: monitor traffic interface ge-0/0/x matching "port 22"

  • Match TCP port 179: monitor traffic interface ge-0/0/x matching "tcp port 179"

  • Match UDP port 646: monitor traffic interface ge-0/0/x matching "udp port 646"

  • Match ARP: monitor traffic interface ge-0/0/x matching arp

  • Match OSPF: monitor traffic interface ge-0/0/x no-resolve matching "ip proto 89" 

  • Match "not tcp port 3128" and match "tcp port 23": monitor traffic interface ge-0/0/x matching "not tcp port 3128 and tcp port 23"

  • Match ISIS packets: monitor traffic interface xe-5/0/0.1 matching iso

  • Match MPLS packets: monitor traffic interface xe-5/0/0.1 matching mpls

  • Match IPv6 packets: monitor traffic interface xe-5/0/0.1 matching ip6

  • Match packets sent to a particular destination: monitor traffic interface xe-5/0/0.1 matching "dst host 172.16.1.1"

  • Match packets coming from a particular source: monitor traffic interface xe-5/0/0.1 matching "src host 192.168.1.1"

  • Match packets with a specific source MAC address: monitor traffic interface xe-5/0/0.1 matching "ether src b0:a8:6e:70:fb:39"

  • Match ICMPv4 packets from/for a specific address: monitor traffic interface ge-0/0/0.0 matching "icmp && host 172.16.1.2"

  • Match ICMPv6 packets: monitor traffic interface xe-5/0/0.1 matching icmp6

  • Match LDP packets, along with a specific address: monitor traffic interface ae5.0 matching "tcp && port 646 && host 192.168.2.2"
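The following is an added example, not part of the original article and not Juniper code: a simplified Python model of a small subset of the filter expressions above (protocol keywords, src/dst, host, net, port, not/and/or), run against constructed sample packets to show which ones each expression would capture. It assumes tcpdump-style evaluation (negation binds tightest, and/or evaluate left to right) and does not handle parentheses; the packet records and function names are illustrative.

```python
import ipaddress

# Constructed sample packets (illustrative, not captured traffic).
PACKETS = [
    {"proto": "tcp", "src": "10.1.1.5", "dst": "10.130.38.94", "sport": 40000, "dport": 23},
    {"proto": "tcp", "src": "10.1.1.5", "dst": "192.168.2.2", "sport": 3128, "dport": 23},
    {"proto": "tcp", "src": "192.168.2.2", "dst": "10.1.1.5", "sport": 646, "dport": 51000},
    {"proto": "udp", "src": "172.16.1.2", "dst": "10.1.1.9", "sport": 646, "dport": 646},
    {"proto": "icmp", "src": "172.16.1.2", "dst": "192.168.1.1", "sport": None, "dport": None},
]
OPERATORS = {"and": "and", "&&": "and", "or": "or", "||": "or"}

def _primitive(tok, pkt):
    """Consume one primitive (e.g. 'tcp port 179', 'src host X') and evaluate it."""
    word, proto_ok = tok.pop(0), True
    if word in ("tcp", "udp", "icmp"):
        proto_ok = pkt["proto"] == word
        if not tok or tok[0] in OPERATORS:
            return proto_ok                      # bare protocol keyword
        word = tok.pop(0)
    sides = ("src", "dst")                       # no qualifier: either direction
    if word in sides:
        sides, word = (word,), tok.pop(0)
    arg = tok.pop(0)
    if word == "port":
        return proto_ok and any(pkt[s[0] + "port"] == int(arg) for s in sides)
    if word == "host":
        return proto_ok and any(pkt[s] == arg for s in sides)
    if word == "net":
        net = ipaddress.ip_network(arg)
        return proto_ok and any(ipaddress.ip_address(pkt[s]) in net for s in sides)
    raise ValueError(f"unsupported primitive: {word}")

def matches(expr, pkt):
    """Evaluate expr left to right; 'not' binds tighter than 'and'/'or'."""
    tok, result, op = expr.split(), None, None
    while tok:
        negate = False
        while tok[0] in ("not", "!"):
            tok.pop(0)
            negate = not negate
        value = _primitive(tok, pkt) != negate
        result = value if op is None else ((result and value) if op == "and" else (result or value))
        op = OPERATORS[tok.pop(0)] if tok else None
    return result

def matching_indexes(expr):
    """Return the indexes of the sample packets that expr would capture."""
    return [i for i, pkt in enumerate(PACKETS) if matches(expr, pkt)]
```

For instance, `matching_indexes("not tcp port 3128 and tcp port 23")` keeps only the first sample packet: the second also uses TCP port 23, but its source port 3128 is excluded by the negated term.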

 
