[MX/PTX] TCP dump command and matching patterns with examples

Article ID: KB33717 KB Last Updated: 19 Jan 2019 Version: 1.0

Summary:

Sometimes a high level of host traffic is seen on a given interface, and it has to be filtered to isolate the packets of interest. The TCP dump command (monitor traffic) can be used to find out which packets are sent and received by the host.

This article provides TCP dump command examples that can be run on a Juniper router to troubleshoot host traffic issues.

Solution:

Below are examples that can be used to filter for the packets of interest sent or received by a host.

  • match an IP address
    monitor traffic interface ge-0/0/x matching "host 10.130.38.94" no-resolve detail

  • match a network
    monitor traffic interface ge-0/0/x matching "net 225.1.1.0/24" no-resolve detail

  • to match a port
    monitor traffic interface ge-0/0/x matching "port 22"

  • to match tcp port 179
    monitor traffic interface ge-0/0/x matching "tcp port 179"

  • to match UDP port 646
    monitor traffic interface ge-0/0/x matching "udp port 646"

  • to match a protocol
    monitor traffic interface ge-0/0/x matching arp

  • to increase the size of capture
    monitor traffic interface ge-0/0/x matching arp size 1500

  • to save the capture to a file (write-file is a hidden command, so the CLI does not auto-complete it; type it out in full)
    monitor traffic interface ge-0/0/x matching arp write-file capture.pcap

  • matching "not tcp port 3128" and matching tcp port 23
    monitor traffic interface ge-0/0/x matching "not tcp port 3128 and tcp port 23"

  • matching ISIS packets
    monitor traffic interface xe-5/0/0.1 matching iso

  • matching mpls packets
    monitor traffic interface xe-5/0/0.1 matching mpls

  • matching IPv6 packets
    monitor traffic interface xe-5/0/0.1 matching ip6

  • matching packets sent to particular destination
    monitor traffic interface xe-5/0/0.1 matching "dst host 224.0.0.5"

  • matching packets coming from particular source
    monitor traffic interface xe-5/0/0.1 matching "src host 100.100.100.0"

  • matching packets with src mac address
    monitor traffic interface xe-5/0/0.1 matching "ether src b0:a8:6e:70:fb:39"

  • matching ICMPv6 packets
    monitor traffic interface xe-5/0/0.1 matching icmp6
