Agree with @raviky and @spuluka.
Hi Arix,
What is the exact goal we are trying to achieve while looking at transit traffic? Do you really need to look at every packet's contents? Capturing packets that are transit for the switch means intercepting the data path of traffic that is switched via the forwarding engine hardware which is meant to happen quickly. It isn't going to be simple on any vendor switches to get that kind of a capture as far as I know, let alone Juniper. Hence you'll find most people offer port mirroring. If that's not feasible, there will be more complicated ways to dig further into packets at the hardware level but that will need caution. Couple of examples:
1) Configure a firewall filter with action as "log" and then use "show firewall log" to see the packet header data. Please note this punts the packet to CPU and will take CPU cycles, so should be used with proper match criteria and with caution on a production device.
set interfaces ge-0/0/0 unit 0 family ethernet-switching filter input pkt-capture
set firewall family ethernet-switching filter pkt-capture term pkt-log from source-mac-address aa:bb:cc:dd:ee:ff/48
set firewall family ethernet-switching filter pkt-capture term pkt-log then log
{master:0}
root@jtac-qfx5100> show firewall log detail
Time of Log: 2019-03-04 09:44:41 UTC, Filter: pfe, Filter action: accept, Name of interface: ge-0/0/0.0
Name of protocol: ICMP, Packet Length: 84, Source address: 10.10.10.10, Destination address: 10.10.10.1
ICMP type: 8, ICMP code: 0
Time of Log: 2019-03-04 09:44:40 UTC, Filter: pfe, Filter action: accept, Name of interface: ge-0/0/0.0
Name of protocol: ICMP, Packet Length: 84, Source address: 10.10.10.10, Destination address: 10.10.10.1
ICMP type: 8, ICMP code: 0
2) On an EX4200/4500, the following command gives a real-time sample of a few packets forwarded at that time:
start shell
cprod -A fpc0 -c "show shim packet-descriptor device 1 summary"
If you don't need to look at every packet and its contents, there may be simpler ways to achieve your goal like some posts have mentioned here, i.e. look at interface traffic stats or use a firewall filter to count packets that match your criteria.
The command shared by @spuluka i.e. "monitor interface traffic" shows the real-time statistics of input/output packet counts/rates on interface(s) in an easy to read format. This information is otherwise available from "show interfaces extensive" that gives this information per interface along with a ton of other things. More options for the command are explained here:
https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/monitor-interface.html
Hope this helps.
Regards,
-r.
--------------------------------------------------
If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated :).
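
An added example, not part of the original post: a small Python parser that turns saved "show firewall log detail" output into per-flow packet and byte counts, so a short capture taken with the "log" action can be reviewed offline. It assumes the comma-separated "Key: value" layout quoted in the post; the sample text and the function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample, in the layout of the "show firewall log detail" output above.
SAMPLE = """\
Time of Log: 2019-03-04 09:44:41 UTC, Filter: pfe, Filter action: accept, Name of interface: ge-0/0/0.0
Name of protocol: ICMP, Packet Length: 84, Source address: 10.10.10.10, Destination address: 10.10.10.1
ICMP type: 8, ICMP code: 0
Time of Log: 2019-03-04 09:44:40 UTC, Filter: pfe, Filter action: accept, Name of interface: ge-0/0/0.0
Name of protocol: ICMP, Packet Length: 84, Source address: 10.10.10.10, Destination address: 10.10.10.1
ICMP type: 8, ICMP code: 0
Time of Log: 2019-03-04 09:44:39 UTC, Filter: pfe, Filter action: accept, Name of interface: ge-0/0/0.0
Name of protocol: ICMP, Packet Length: 84, Source address: 10.10.10.20, Destination address: 10.10.10.1
ICMP type: 8, ICMP code: 0
"""

def parse_firewall_log(text):
    """Group 'Key: value' fields into one dict per logged packet."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or ": " not in line:
            continue  # skip CLI prompts, banners and blank lines
        if line.startswith("Time of Log:"):
            records.append({})  # each entry begins with its timestamp line
        if not records:
            continue  # field line seen before any entry header: ignore
        for field in line.split(", "):
            key, sep, value = field.partition(": ")
            if sep:
                records[-1][key.strip()] = value.strip()
    return records

def summarize(records):
    """Count packets and bytes per (interface, protocol, source, destination)."""
    packets, octets = Counter(), Counter()
    for r in records:
        flow = (r.get("Name of interface"), r.get("Name of protocol"),
                r.get("Source address"), r.get("Destination address"))
        packets[flow] += 1
        length = r.get("Packet Length", "")
        octets[flow] += int(length) if length.isdigit() else 0
    return packets, octets

if __name__ == "__main__":
    pkts, byts = summarize(parse_firewall_log(SAMPLE))
    for flow, n in pkts.most_common():
        print(*flow, f"packets={n} bytes={byts[flow]}")
```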