Yes, the monitor commands only capture routing engine traffic. For transit traffic, see one of these articles depending on what model you have (the SRX series the instructions apply to are listed in the articles):
https://supportportal.juniper.net/s/article/Includes-video-How-to-create-a-PCAP-packet-capture-on-a-SRX-branch-device?language=en_US
https://supportportal.juniper.net/s/article/SRX-Example-Creating-a-PCAP-packet-capture-on-high-end-SRX-devices?language=en_US
------------------------------
Nikolay Semov
------------------------------
Original Message:
Sent: 01-14-2025 07:24
From: SUDQI AL-IMAM
Subject: how to see the traffic from reth interface
Thanks Spuluka,
but I found that the traffic that passes through the firewall can't appear in the monitor command,
we can see it by the (show security flow session) and if we need to export it we should take a PCAP from both interfaces (reth, and ST) for example, and merge using Wireshark, because from each interface it is capture just one way
Thanks for your support
------------------------------
SUDQI AL-IMAM
Original Message:
Sent: 01-13-2025 11:46
From: spuluka
Subject: how to see the traffic from reth interface
There are two commands for checking the traffic on an interface and their use can be confusing as they are simply a different order for the same words.
monitor traffic interface - as you can see from your testing, this command only shows traffic that terminates on the SRX router itself such as the vpn that you see.
https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/command/monitor-traffic.html
monitor interface traffic - this is the command to see the transit traffic coming in one interface on and out another on the device.
https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/command/monitor-interface.html
------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
http://puluka.com/home
Original Message:
Sent: 01-10-2025 01:01
From: SUDQI AL-IMAM
Subject: how to see the traffic from reth interface
When we apply the monitor traffic interface reth3.0, we don't see the traffic that passes through this interface. We can see the VPN traffic, but the security sessions that are already up don't appear when we apply the monitor command. Do you have any ideas?
thanks
------------------------------
SUDQI AL-IMAM
------------------------------