09-21-2010 08:31 AM
Hello,
I'm having problems running tcpdump at the prompt on a srx-210 running junos 10.1R1.8. Typically on linux I'll run something like this:
tcpdump -Xvvvni interface -s0 -w test.pcap host 10.10.10.10
First, when I try to use a snap length of zero: usually on linux it will capture the complete packet...how do I do this in junos? I've just been putting some large number after the -s option for now, i.e. 100000, but I'm thinking there's probably a better way?
Next, when running this command in junos, then scp'ing the file over to my laptop to open up in wireshark and look at, Wireshark complains that it cannot open up a type 200 capture. Does anyone know what options I should be adding to make it so this doesn't happen?
Thanks,
Will
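The number in that Wireshark message is normally the link-layer header type stored in the pcap file's global header, and the same header records the snaplen the capture was written with. Before changing tcpdump options it helps to read those two fields straight from the file, and to count how many records were actually cut short by the snaplen. The script below is an added example and is not part of the original thread; it parses the legacy libpcap format with the standard library only, and the sample capture it inspects is constructed in the script (link type 200 and a deliberately small snaplen) so it runs offline.

```python
"""
Inspect a legacy libpcap (.pcap) file: report the link-layer header type,
the snaplen recorded in the global header, and how many packets were
truncated by the capture (captured length < original length).

Added example, not code from the forum thread. SAMPLE below is constructed
here so the script is runnable without a real capture file.
"""
import struct

# Magic numbers of the legacy pcap format, mapped to byte order and
# timestamp resolution. Little-endian files store 0xa1b2c3d4 as d4 c3 b2 a1.
PCAP_MAGICS = {
    b"\xa1\xb2\xc3\xd4": (">", "microseconds"),
    b"\xd4\xc3\xb2\xa1": ("<", "microseconds"),
    b"\xa1\xb2\x3c\x4d": (">", "nanoseconds"),
    b"\x4d\x3c\xb2\xa1": ("<", "nanoseconds"),
}


def inspect_pcap(data: bytes) -> dict:
    """Parse the 24-byte global header and every record; return a summary."""
    if len(data) < 24:
        raise ValueError("file shorter than a pcap global header")
    magic = data[:4]
    if magic not in PCAP_MAGICS:
        raise ValueError("not a legacy libpcap file (magic %s)" % magic.hex())
    endian, resolution = PCAP_MAGICS[magic]
    # global header after the magic: version_major, version_minor, thiszone,
    # sigfigs, snaplen, network (link-layer header type)
    ver_major, ver_minor, _tz, _sig, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:24])
    packets = truncated = 0
    off = 24
    while off + 16 <= len(data):
        # per-record header: ts_sec, ts_frac, incl_len (captured), orig_len (on wire)
        _ts_sec, _ts_frac, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[off:off + 16])
        off += 16
        if off + incl_len > len(data):
            raise ValueError("record %d runs past end of file" % (packets + 1))
        packets += 1
        if incl_len < orig_len:  # the snaplen cut this packet short
            truncated += 1
        off += incl_len
    return {
        "version": (ver_major, ver_minor),
        "timestamp_resolution": resolution,
        "snaplen": snaplen,
        "linktype": linktype,
        "packets": packets,
        "truncated": truncated,
    }


def build_pcap(linktype: int, snaplen: int, payloads) -> bytes:
    """Build a little-endian pcap from raw payloads, truncating each to snaplen."""
    out = struct.pack("<4sHHiIII", b"\xd4\xc3\xb2\xa1", 2, 4, 0, 0, snaplen, linktype)
    for i, payload in enumerate(payloads):
        captured = payload[:snaplen]
        out += struct.pack("<IIII", 1285000000 + i, 0, len(captured), len(payload))
        out += captured
    return out


# Constructed sample (not a real capture): link type 200, snaplen 64, so the
# 120-byte second packet is recorded truncated.
SAMPLE = build_pcap(200, 64, [b"\x00" * 40, b"\xff" * 120])

if __name__ == "__main__":
    print(inspect_pcap(SAMPLE))
```

Against a real file, call inspect_pcap(open(path, "rb").read()). A non-zero truncated count means the snaplen was too small for the traffic and the -s value needs raising; a link type the local Wireshark build has no dissector for explains the "cannot open" error on its own, independent of any tcpdump option, so the Wireshark version is worth checking before assuming the capture is broken.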
09-21-2010 09:56 AM
In the shell, you can use the following command:
tcpdump -i <interface>
or
tcpdump -i <interface> host <ip addr>
or
tcpdump -i <interface> -w <filename> host <ip addr>
Thanks
Atif
Kudos appreciated
09-21-2010 10:24 AM - edited 09-21-2010 10:38 AM
edit forwarding-options
set packet-capture maximum-capture-size 500
set packet-capture file filename pcap-file
set packet-capture file files 100
set packet-capture file size 1024
set packet-capture file world-readable
set interface ge-0/0/0.0 family inet sampling input output
commit
Feel free to change the size of each capture file.
pcap files saved in /var/tmp
09-22-2010 06:21 AM
Hi,
I also tried to use Tcpdump to capture SIP but it didn't work.
%tcpdump -ni reth0 -s 0 port 5060 -vvv -w /var/tmp/capture => invalid snaplen 0
%tcpdump -ni reth0 port 5060 -vvv -w /var/tmp/capture => Syntax error
Has the tcpdump command been modified by Juniper?
09-22-2010 12:20 PM - edited 09-22-2010 12:21 PM
Hi arizvi,
~tcpdump -i <interface> host <ip addr>
Will that get traffic with dst-ip = host ip or with src-ip = host ip?
What if I want to see traffic with src-ip & dst-ip = X (i.e. ping request & ping reply)?
~tcpdump -i <interface> -w <filename> host <ip addr>
How can I view this file?
Can you paste a link containing more options & details?
09-30-2010 12:16 PM
Running tcpdump from the shell will only capture control plane traffic. It's similar to running a monitor traffic command in op mode.
You need to use traffic sampling if you want to capture traffic flowing through the data plane of the device.
02-24-2011 01:19 PM
bufo333 wrote:
edit forwarding-options
set packet-capture maximum-capture-size 500
set packet-capture file filename pcap-file
set packet-capture file files 100
set packet-capture file size 1024
set packet-capture file world-readable
set interface ge-0/0/0.0 family inet sampling input output
commit
Feel free to change the size of each capture file.
pcap files saved in /var/tmp
Correct.... and if Johnny Burns says it, you can take it to the bank! (EJohnson @ GPC)
05-13-2011 01:41 AM
For Telnet-1
tcpdump host clientIPaddress || host targetIPaddress <ENTER>
This initiates capture with only the client and target IP addresses in the source or destination IP addresses.
05-13-2011 08:25 PM