When running the command monitor traffic interface, the output gives the IP address followed by a name. This article explains how to determine what port is being used.
After executing the command sample monitor traffic interface, the following message is logged:
02:00:54.359552 Out PPPoE [ses 1159]IP 10.10.10.220.sae-urn > 172.16.10.143.sae-urn: UDP, length 96
How do you determine the port number sae-urn? It is a name resolution to a port, so what port number is this?
By default, when executing the command monitor traffic interface, the port number for the packet resolves to a name based on an internal name resolution database. This database can be found from the shell of a Junos OS device in the file /etc/services.
For example,
02:00:54.359552 Out PPPoE [ses 1159]IP 10.10.10.220.sae-urn > 172.16.10.143.sae-urn: UDP, length 96
We can grep for sae-urn in /etc/services:
root@% grep sae-urn /etc/services sae-urn 4500/tcp sae-urn 4500/udp root@%
From this, we can see that sae-urn is port 4500.
Alternatively, when executing the command monitor traffic interface, you can choose the command monitor traffic interface no-resolve, and this will tell the device to not do name resolution on the port. When doing this, you will see the port number instead of sae-urn in the output:
02:00:54.359552 Out PPPoE [ses 1159]IP 10.10.10.220.4500 > 172.16.10.143.4500: UDP, length 96