--1--
edit forwarding-options
set packet-capture maximum-capture-size 500
set packet-capture file filename pcap-file
set packet-capture file files 100
set packet-capture file size 1024
set packet-capture file world-readable
top set interfaces ge-0/0/0 unit 0 family inet sampling input output
pcap files are saved in /var/tmp
--2--
In shell, you can use the following command:
tcpdump -i <interface>
or
tcpdump -i <interface> host <ip addr>
or
tcpdump -i <interface> -w <filename> host <ip addr>
tcpdump is the same as 'monitor traffic' and only captures self traffic to the SRX. tcpdump will not capture traffic that is transiting the SRX.
Also, some useful KBs and links:
http://kb.juniper.net/InfoCenter/index?page=content&id=KB21563
http://kb.juniper.net/KB11709
http://kb.juniper.net/InfoCenter/index?page=content&id=KB16110
http://www.tcpdump.org/tcpdump_man.html
thanks,
raheel
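
Added example, not part of the original post: with maximum-capture-size 500 set as in step 1, any packet longer than 500 bytes is stored cut short, so it helps to check a capture file for truncated packets before relying on payload contents. The sketch below assumes the files in /var/tmp are in classic libpcap format; the function names and the sample bytes are constructed for illustration.

```python
import struct

def build_sample_pcap(snaplen=500):
    """Constructed sample: one 60-byte packet and one 1514-byte packet cut to snaplen."""
    data = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for i, orig_len in enumerate((60, 1514)):
        cap_len = min(orig_len, snaplen)
        data += struct.pack("<IIII", 1700000000 + i, 0, cap_len, orig_len)
        data += bytes(cap_len)  # zero-filled placeholder payload
    return data

def summarize_pcap(data):
    """Return snaplen, packet count and how many packets were truncated."""
    if len(data) < 24:
        raise ValueError("shorter than a pcap global header")
    # The magic number tells us the byte order the file was written in.
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic microsecond pcap file")
    _, _, _, _, _, snaplen, linktype = struct.unpack(endian + "IHHiIII", data[:24])
    summary = {"snaplen": snaplen, "linktype": linktype, "packets": 0,
               "truncated": 0, "incomplete_tail": False}
    offset = 24
    while offset < len(data):
        # A file copied while still being written can end mid-record.
        if offset + 16 > len(data):
            summary["incomplete_tail"] = True
            break
        _, _, cap_len, orig_len = struct.unpack(endian + "IIII", data[offset:offset + 16])
        if offset + 16 + cap_len > len(data):
            summary["incomplete_tail"] = True
            break
        summary["packets"] += 1
        if cap_len < orig_len:  # stored bytes fewer than bytes on the wire
            summary["truncated"] += 1
        offset += 16 + cap_len
    return summary

if __name__ == "__main__":
    print(summarize_pcap(build_sample_pcap()))
```

To check a real capture, read the file copied off the device in binary mode and pass the bytes to summarize_pcap.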