Config Router

You are here: Home / Juniper / How to do a packet capture of monitor traffic interface

How to do a packet capture of monitor traffic interface

by

monitor traffic interface <interface-name> displays the packet send/received by Routing Engine in that interface.

For example, in below output we can see the STP packets received and LLDP packets send out of the interface ge-0/0/0.

************************************************************************************************************************************************************
root> monitor traffic interface ge-0/0/0
verbose output suppressed, use <detail> or <extensive> for full protocol decode
Address resolution is ON. Use <no-resolve> to avoid any reverse lookup delay.
Address resolution timeout is 4s.
Listening on ge-0/0/0, capture size 96 bytes
19:17:08.407884 In STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 8000.2c:6b:f5:3e:74:81.8201, length 43
19:17:10.667486 Out [|LLDP]
************************************************************************************************************************************************************

Note :that monitor traffic interface can be used only for kernel traffic. For transit traffic we have to rely on port mirroring

We can capture the output of Monitor traffic interface in a packet capture. This can be helpful in troubleshooting

To collect the output of monitor traffic interface as a packet capture use the following syntax monitor traffic interface <interface-name> write-file <location to which file needs to be saved/Name of file>

************************************************************************************************************************************************************************************************
For example:

root> monitor traffic interface ge-0/0/0 write-file /var/tmp/TEST.pcap
Address resolution is ON. Use <no-resolve> to avoid any reverse lookup delay.
Address resolution timeout is 4s.
Listening on ge-0/0/0, capture size 9100 bytes
^C
46 packets received by filter
0 packets dropped by kernel 

To stop the capture press cntrl+c

File is saved in /var/tmp as specified above

root> file list /var/tmp/ detail | match TEST
-rw-r--r-- 1 root field 5628 Mar 26 19:27 TEST.pcap 
**************************************************************************************************************************************************************