
monitor traffic

a week ago

hi,

I tried monitor traffic on ae0 and lo0.0 on the Junos device, but it did not capture anything. Why?

 

>monitor traffic interface ae0 size 9999 no-resolve count 5 matching "udp port 162 or 162"

>monitor traffic interface lo0.0 size 9999 no-resolve count 5


Re: monitor traffic

a week ago

Hello Arix,

 

> monitor traffic interface ae0 size 9999 no-resolve count 5 matching "udp port 162 or 162"

 

With this command you can only monitor traffic TO the Router itself, because you can only see traffic handled by the Routing Engine; transit traffic is handled by the ASIC and is therefore not touched by the RE. If you can't see anything on ae0, then there is no traffic flowing to the Router, (maybe) only traffic flowing THROUGH the Router.

Additionally, "udp port 162 or 162" does not make any sense. E.g. you can perform "port 162" for all traffic from/to this port.

You can find more information here:

https://kb.juniper.net/InfoCenter/index?page=content&id=KB16385

 

 

> monitor traffic interface lo0.0 size 9999 no-resolve count 5

 

Try the following instead:

monitor traffic interface lo0 size 9999 no-resolve count 5

--------------------------------------------------

If this solves your problem, please mark this post as "Accepted Solution".
If you think that my answer was helpful, please spend some Kudos.

Re: monitor traffic

a week ago

Hello Arix,

 

Greetings!

 

If you are trying to get the PCAP file from the device and then analyze it in Wireshark, below is the command you can follow:

 

>>monitor traffic interface ae0 size 9999 no-resolve count 5 matching "udp port 162" write-file capture.pcap   <<<<< write-file is a hidden command, so type it out

>>monitor traffic interface lo0.0 size 9999 no-resolve count 5 write-file capture1.pcap 

 

capture and capture1 are used as the pcap file names. write-file is a hidden command; please type it and don't copy-paste it.

 

In case you don't see any pcap files, then there might be no traffic going to the Routing Engine and might mostly be transit traffic going through the device.

 

I hope this helps. Please mark this post "Accept as solution" if this answers your query.

 

Kudos are always appreciated!

 

Best Regards,

Lingabasappa H
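
An added example, not code from any poster in this thread: a Python check of a capture file saved with write-file, reporting how many packets it holds and how many of them are UDP to or from port 162. It assumes a classic pcap file and matches ports only when the file's link type is 1 (Ethernet); `build_sample_pcap` constructs sample input and does not read a real capture.

```python
import struct

MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",  # usec/nsec, little-endian
          b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}  # usec/nsec, big-endian

def udp_on_port(frame, port):
    """True if an Ethernet frame carries unfragmented IPv4/UDP to or from `port`."""
    etype, l3 = int.from_bytes(frame[12:14], "big"), 14
    if etype == 0x8100:  # skip one 802.1Q VLAN tag
        etype, l3 = int.from_bytes(frame[16:18], "big"), 18
    if etype != 0x0800 or len(frame) < l3 + 20:
        return False
    ihl = (frame[l3] & 0x0F) * 4
    frag = int.from_bytes(frame[l3 + 6:l3 + 8], "big") & 0x1FFF
    if frame[l3] >> 4 != 4 or ihl < 20 or frame[l3 + 9] != 17 or frag:
        return False
    ports = frame[l3 + ihl:l3 + ihl + 4]
    return len(ports) == 4 and port in struct.unpack("!HH", ports)

def summarize_pcap(data, port=162):  # 162: port in the thread's matching expression
    """Count records; count `port` hits only when the link type is 1 (Ethernet)."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file")
    end = MAGICS[data[:4]]
    linktype = struct.unpack(end + "I", data[20:24])[0]
    res = {"linktype": linktype, "packets": 0, "truncated": False,
           "port_hits": 0 if linktype == 1 else None}
    off = 24
    while off < len(data):
        hdr = data[off:off + 16]
        incl_len = struct.unpack(end + "I", hdr[8:12])[0] if len(hdr) == 16 else 0
        if len(hdr) < 16 or off + 16 + incl_len > len(data):  # cut off mid-record
            res["truncated"] = True
            break
        if linktype == 1 and udp_on_port(data[off + 16:off + 16 + incl_len], port):
            res["port_hits"] += 1
        res["packets"] += 1
        off += 16 + incl_len
    return res

def build_sample_pcap(ports):
    """Constructed sample: one Ethernet/IPv4/UDP frame per destination port."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for dport in ports:
        udp = struct.pack("!HHHH", 40000, dport, 8, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
        frame = bytes(12) + b"\x08\x00" + ip + udp
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out
```

To check a real file, pass its bytes, for example `summarize_pcap(open("capture.pcap", "rb").read())`; a result with `packets` equal to 0 means the capture matched nothing.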

 

 


Re: monitor traffic

Monday

I think the monitor traffic command is for exception traffic only. It's basically tcpdump.

 

Are you trying to capture exception traffic or transit traffic?

 

If you want transit traffic, your alternative is port mirroring to another port, and connecting a laptop with Wireshark there.