Determining the Port Number in a “monitor traffic interface” output

When running the command monitor traffic interface, the output gives the IP address followed by a name. This article explains how to determine what port is being used.

After executing the command sample monitor traffic interface, the following message is logged:

How do you determine the port number sae-urn? It is a name resolution to a port, so what port number is this?

By default, when executing the command monitor traffic interface, the port number for the packet resolves to a name based on an internal name resolution database. This database can be found from the shell of a Junos OS device in the file /etc/services.
For example,

We can grep for sae-urn in /etc/services:

From this, we can see that sae-urn is port 4500.
Alternatively, when executing the command monitor traffic interface, you can choose the command monitor traffic interface no-resolve, and this will tell the device to not do name resolution on the port. When doing this, you will see the port number instead of sae-urn in the output:

 

About the author

James Palmer

Leave a Comment