SRX

 View Only
last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  how to see the traffic from reth interface

    Posted 14 days ago

    When we apply the monitor traffic interface reth3.0, we don't see the traffic that passes through this interface. We can see the VPN traffic, but the security sessions that are already up don't appear when we apply the monitor command. Do you have any ideas?

    thanks



    ------------------------------
    SUDQI AL-IMAM
    ------------------------------


  • 2.  RE: how to see the traffic from reth interface

    Posted 11 days ago

    There are two commands for checking the traffic on an interface and their use can be confusing as they are simply a different order for the same words.

    monitor traffic interface - as you can see from your testing, this command only shows traffic that terminates on the SRX router itself such as the vpn that you see.

    https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/command/monitor-traffic.html

    monitor interface traffic - this is the command to see the transit traffic coming in one interface on and out another on the device.

    https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/command/monitor-interface.html



    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------



  • 3.  RE: how to see the traffic from reth interface
    Best Answer

    Posted 10 days ago

    Thanks Spuluka,

    but I found that the traffic that passes through the firewall can't appear in the monitor command,

    we can see it by the (show security flow session) and if we need to export it we should take a PCAP from both interfaces (reth, and ST) for example, and merge using Wireshark, because from each interface it is capture just one way

    Thanks for your support



    ------------------------------
    SUDQI AL-IMAM
    ------------------------------



  • 4.  RE: how to see the traffic from reth interface

    Posted 10 days ago

    Yes, the monitor commands only capture routing engine traffic. For transit traffic, see one of these articles depending on what model you have (the SRX series the instructions apply to are listed in the articles):

    https://supportportal.juniper.net/s/article/Includes-video-How-to-create-a-PCAP-packet-capture-on-a-SRX-branch-device?language=en_US

    https://supportportal.juniper.net/s/article/SRX-Example-Creating-a-PCAP-packet-capture-on-high-end-SRX-devices?language=en_US



    ------------------------------
    Nikolay Semov
    ------------------------------