Security

 View Only

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



Expand all | Collapse all

monitor traffic interface and show security flow session destination-prefix command differences?

Jump to Best Answer
  • 1.  monitor traffic interface and show security flow session destination-prefix command differences?

    Posted 11-02-2021 19:43
    I have a VPN and when I carry out the show security flow session extensive I see the traffic details from the interface the traffic entered to the nat, policy, route, exit interface, etc and it provide me a great deal of information that I need. 

    To further compliment this I want to also see the traffic from a monitor traffic interface perspective but that I'm not seeing. 

    After running the show security flow I identify the egress interface but I can't see that traffic with the monitor traffic interface. 

    the commands I run

    monitor traffic interface reth0.0

    ------------------------------
    Juan
    ------------------------------


  • 2.  RE: monitor traffic interface and show security flow session destination-prefix command differences?
    Best Answer

     
    Posted 11-02-2021 19:46
    There are two very similar commands depending on the traffic you want to see.  the one you are using is for "self traffic" packets that are starting or ending on the Junos device itself.

    monitor traffic interface

    The other is for transit traffic, that is packets that come in one interface on the Junos device and exit on another one.  This is what you want for your application following a flow.

    monitor interface traffic

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------