vMX


TCPDUMP in GE interface

  • 1.  TCPDUMP in GE interface

    Posted 11-14-2018 00:47

    Hi, I'm trying to use tcpdump on the ge-0/0/1 interface but there's no output. Here I'm pinging the ge-0/0/1 IP address, which is 2.2.2.2. Is there any other way I can monitor the packets going in and out of ge-0/0/1?

     




  • 2.  RE: TCPDUMP in GE interface

     
    Posted 11-14-2018 16:49

    I think that tcpdump can only work for traffic with a source/destination of the Junos device itself.

     

    For transit traffic on the Junos command line you can use

    monitor traffic interface

     

    Along with expressions to see the traffic coming through.

    https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/monitor-traffic.html

     



  • 3.  RE: TCPDUMP in GE interface

     
    Posted 11-15-2018 05:44

    @spuluka wrote:

    For transit traffic on the junos command line you can use

    monitor traffic interface

     

    Hello Steve,

     

    "monitor traffic interface <int>" is NOT for transit traffic.

    "monitor traffic interface <int>" captures traffic that is destined to Routing-Engine.

     

     

     



  • 4.  RE: TCPDUMP in GE interface

    Posted 11-15-2018 23:46

    Tried using monitor traffic, but I had no luck. Btw the IP address 2.2.2.2 is with the ge-0/0/1 interface of the Junos.



  • 5.  RE: TCPDUMP in GE interface
    Best Answer

    Posted 11-16-2018 00:20

    Run this on vMX.

    I didn't read the entire post but I think the below should fix your issue.

    By default ICMP inline reply is enabled on the PFE; that's why it won't come to the RE and you will not see anything in monitor traffic interface on vMX. Please check after disabling the inline reply.

     

    >start shell pfe network fpc0

    test jnh 0 icmp-inline-reply-disable

     

     



  • 6.  RE: TCPDUMP in GE interface

    Posted 11-16-2018 00:53

    Great! It's now working. What if we want other kinds of traffic like tcp and udp? Do we need to type any commands like that one you gave us?

     


     

     



  • 7.  RE: TCPDUMP in GE interface

    Posted 11-16-2018 01:23

    You can test it using SSH from a remote box and running “monitor traffic interface” on the box which you are trying to SSH to.

    This knob was there only for ICMP afaik. Let us know if you see any issue with tcp/udp traffic.


    Regards
    Harpreet



  • 8.  RE: TCPDUMP in GE interface

    Posted 11-16-2018 02:04

    I tested both tcp and udp traffic and I can see both on monitor traffic. Thank you again!



  • 9.  RE: TCPDUMP in GE interface

    Posted 11-14-2018 23:13

    Dear,

     

    You can forward the traffic to the ge-0/0/1 interface.

    The command is "set forwarding-options port-mirroring family inet output interface ge-0/0/1 next-hop 2.2.2.2"



  • 10.  RE: TCPDUMP in GE interface

     
    Posted 11-15-2018 04:17

    Hi,

     

    Those are control packets to & from RE. You can take a pcap (similar to a packet dump) using the monitor command with the "write-file" (hidden) knob to take the pcap.


    root> monitor traffic interface ge-x/x/x write-file capture1.pcap extensive size 1500

     

    or


    root> monitor traffic interface ge-x/x/x matching "arp or (icmp and host x.x.x)"