Junos
Reply
Visitor
Posts: 5
Registered: ‎08-11-2008
0
Accepted Solution

JUNOS 9.0 and Monitoring Traffic

Hey all, I'm new to the JUNOS world and I've hoping someone could explain why the following happens.

 

I have 2 J2330 routers running 9.0 and a XP system setup in my test network assembled as such:

 

 

192.168.1.100 (XP) ------- 192.168.1.1 (Router 1 ge-0/0/0.0) (Router 1 ge-0/0/1.0) 192.168.2.1-----------192.168.2.2 (Router 2 ge-0/0/1.0)

 

 RIP has been setup on both routers.

 

If I do a continuos ping from 192.168.1.100 -> 192.168.2.2, all responses are received; however, if I go to Router 1 and do a tcpdump or a monitor command, I never see any ICMP traffic, only ARP information and RIP updates.  Shouldn't I be able to see my pings going across the wire?

Recognized Expert
benb
Posts: 205
Registered: ‎11-05-2007

Re: JUNOS 9.0 and Monitoring Traffic

'monitor interface traffic', and tcpdump will only capture traffic that is originated by, or destined for, the router itself.  In order to capture transit traffic, you will need to use sampling, or firewall rules.

 

Regards,

Ben

Regular Visitor
saruhand
Posts: 5
Registered: ‎10-01-2008
0

Re: JUNOS 9.0 and Monitoring Traffic

Hi,

 

I trying to tcpdump or monitor, if you prefered,  one interface on my J2320 version 9.1 butI do not see any traffic.

I'm currently configuring the snmp on my J2320 but it doesn't work :smileysad:

So I began to sniff .... 

I do not see any traffic.

 

I wondered if I correctly configured my traffic monitor, so I've tryed to sniff a ping. No more result....

I do not understand why cause I was sniffing traffic going to the J2320.

 

does any one have an answer ... an idear ?

 

regards

Saruhand

Trusted Contributor
Gniewko
Posts: 67
Registered: ‎04-14-2008
0

Re: JUNOS 9.0 and Monitoring Traffic

[ Edited ]

 

Hi,

 

Do You see any differences between sniffing on the whole interface and just the specific unit?

I mean, assuming You want to sniff the 10th unit of ge-0/0/0 interface, do both commands bring the same effect?:

>   monitor traffic interface ge-0/0/0 no-resolve

>   monitor traffic interface ge-0/0/0.10 no-resolve

 

 I added the 'no-resolve' option to eliminate any DNS issues.

 

Thanks,

 

Have a nice day,

G.

Message Edited by Gniewko on 10-02-2008 06:12 PM
Regular Visitor
saruhand
Posts: 5
Registered: ‎10-01-2008
0

Re: JUNOS 9.0 and Monitoring Traffic

no, I do both but I do not see any traffic comming to the Jseries.

 

regards

Contributor
Minotaur
Posts: 44
Registered: ‎11-11-2008
0

Re: JUNOS 9.0 and Monitoring Traffic

[ Edited ]

I have the same issue.

I have e1 interface (frame-relay encapsulation) faced to the Internet.

When I'm trying to ping it's address with standard ping command (from FreeBSD box) then I see no ICMP traffic in monitor traffic interface output. But when I'm tracing it's address with mtr or ping -R command then I see incoming ICMP packets.

 

It seems that "monitor traffic interface" command does not match ICMP echo requests without record route flag set.

 

Message Edited by Minotaur on 11-11-2008 04:00 AM
Message Edited by Minotaur on 11-11-2008 04:01 AM
Distinguished Expert
rkim
Posts: 755
Registered: ‎11-06-2007
0

Re: JUNOS 9.0 and Monitoring Traffic

Monitor traffic would only show traffic to and from the RE side of the router. That means you would see ARP, routing protocols, etc. But ICMP echos and echo replies actually stay within the PFE side of the router. So you would not see that in monitor traffic. If you want to see transit traffic then you should instead use packet-capture. This is documented in the JUNOS for J-Series Administration Guide.

 

-Richard

Contributor
Minotaur
Posts: 44
Registered: ‎11-11-2008
0

Re: JUNOS 9.0 and Monitoring Traffic

Thanks, packet capturing works for me on E1-interfaces. But what's about VLAN-subinterfaces? I've tried to configure packet capture as follows:

 

minotaur@cr1-igo.ki# show forwarding-options packet-capture { file filename pcap files 10 size 2k world-readable; } [edit] minotaur@cr1-igo.ki# show interfaces ge-0/0/0 unit 150 vlan-id 150; family inet { sampling { input; output; } address 10.2.0.1/24; }

 It does not work. How to see traffic on VLAN-subinterfaces? Thanks.

 

 

Recognized Expert
benb
Posts: 205
Registered: ‎11-05-2007
0

Re: JUNOS 9.0 and Monitoring Traffic

The packet capture feature on J-series is not currently supported on Gigabit Ethernet interfaces.

 

Regards,

Ben

Distinguished Expert
rkim
Posts: 755
Registered: ‎11-06-2007
0

Re: JUNOS 9.0 and Monitoring Traffic

Packet capture is supported on GE interfaces on J-Series. Rather than using sampling input output configuration on family inet, try instead to use firewall filters with action of sample and apply that to the interface instead. That is also discussed in the documentation for packet captures.

 

-Richard

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.