Routing

  • 1.  "monitor traffic" cannot capture wanted data

    Posted 02-25-2014 18:02

    In a live network, when running "monitor traffic interface", the output only contains IS-IS and LDP packets, no other user data. Any idea why?

    I also tried a match condition; it doesn't help either.


     monitor traffic interface so-7/0/2            
    verbose output suppressed, use <detail> or <extensive> for full protocol decode
    Address resolution is ON. Use <no-resolve> to avoid any reverse lookup delay.
    Address resolution timeout is 4s.
    Listening on so-7/0/2, capture size 96 bytes

    Reverse lookup for 224.0.0.2 failed (check DNS reachability).
    Other reverse lookup failures will not be reported.
    Use <no-resolve> to avoid reverse lookups on IP addresses.

    09:55:13.419949 Out IP 211.136.213.217.ldp > 224.0.0.2.ldp: LDP, Label-Space-ID: 221.179.3.10:0, pdu-length: 38
    09:55:14.568054  In IP 211.136.213.218.ldp > 224.0.0.2.ldp: LDP, Label-Space-ID: 221.179.3.47:0, pdu-length: 30
    09:55:15.710249  In IS-IS, p2p IIH, src-id 2211.7900.3047, length 70
    09:55:15.931912  In LCP, Echo-Request (0x09), id 35, length 10
    09:55:15.931914 Out LCP, Echo-Reply (0x0a), id 35, length 10
    09:55:17.134921 Out IS-IS, L2 CSNP, src-id 2211.7900.3010.00, length 70
    09:55:17.152679 Out IS-IS, L2 CSNP, src-id 2211.7900.3010.00, length 70
    09:55:17.173389 Out IS-IS, L2 CSNP, src-id 2211.7900.3010.00, length 70
    09:55:17.446071 Out LCP, Echo-Request (0x09), id 219, length 10
    09:55:17.449403  In LCP, Echo-Reply (0x0a), id 219, length 10
    09:55:18.357985 Out IP 211.136.213.217.ldp > 224.0.0.2.ldp: LDP, Label-Space-ID: 221.179.3.10:0, pdu-length: 38
    09:55:19.542122 Out IP truncated-ip - 8 bytes missing! 221.179.3.10.ldp > 221.179.3.47.52880: P 1237177790:1237177808(18) ack 3974965925 win 16384 <nop,nop,md5 38707400524f69ebf4ffc4e4875316a4>: LDP, Label-Space-ID: 221.179.3.10:0, pdu-length: 14
    09:55:19.551265  In IP 221.179.3.47.52880 > 221.179.3.10.ldp: . ack 18 win 8192 <md5 7f60dcb310b3426e64d57908c62faf53,eol>
    09:55:19.551514  In IP 211.136.213.218.ldp > 224.0.0.2.ldp: LDP, Label-Space-ID: 221.179.3.47:0, pdu-length: 30
    09:55:21.159319 Out IS-IS, p2p IIH, src-id 2211.7900.3010, length 70
    09:55:21.951709  In IP 221.179.3.47.52880 > 221.179.3.10.ldp: P 1:19(18) ack 18 win 8192 <md5 6b4a259650fe80b2c4739a8506aafbdc,eol>: LDP, Label-Space-ID: 221.179.3.47:0, pdu-length: 14

    ....

    58 packets received by filter
    0 packets dropped by kernel



  • 2.  RE: "monitor traffic" cannot capture wanted data
    Best Answer

    Posted 02-26-2014 00:26

    What data do you want to capture and what device are you on? monitor traffic interface captures packets transmitted through network interfaces sent from or received by the Routing Engine.

    Is this what you are looking for?

    http://www.juniper.net/techpubs/en_US/junos12.1/topics/example/example-configuring-packet-capture-datapath-debugging-srx.html
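
The answer above can be checked against a saved capture. This is an added example, not part of the original posts: it tallies `monitor traffic` output lines by direction and protocol. The sample lines are constructed in the format of the first post's output (documentation addresses), and the names `classify`, `summarize` and `only_control_plane` are hypothetical.

```python
import re
from collections import Counter

# "<time> In|Out <decoded packet>"; banner and summary lines do not match.
LINE = re.compile(r"^\s*(\d\d:\d\d:\d\d\.\d+)\s+(In|Out)\s+(.*)$")
ENDPOINTS = re.compile(r"(\S+) > (\S+?):")   # "addr.port > addr.port:"
CONTROL = {"IS-IS", "LCP", "LDP"}            # protocols seen in the post

# Constructed sample, not a real capture.
SAMPLE = """\
Listening on so-7/0/2, capture size 96 bytes
09:55:13.419949 Out IP 192.0.2.1.ldp > 224.0.0.2.ldp: LDP, Label-Space-ID: 198.51.100.10:0, pdu-length: 38
09:55:15.710249  In IS-IS, p2p IIH, src-id 0000.0000.0002, length 70
09:55:15.931912  In LCP, Echo-Request (0x09), id 35, length 10
09:55:17.134921 Out IS-IS, L2 CSNP, src-id 0000.0000.0001.00, length 70
09:55:19.542122 Out IP truncated-ip - 8 bytes missing! 198.51.100.10.ldp > 198.51.100.47.52880: P 1:19(18) ack 1 win 16384: LDP, pdu-length: 14
09:55:19.551265  In IP 198.51.100.47.52880 > 198.51.100.10.ldp: . ack 18 win 8192
58 packets received by filter
"""

def classify(rest):
    """Name the protocol of one decoded line (text after In/Out)."""
    for proto in ("IS-IS", "LCP"):
        if rest.startswith(proto):
            return proto
    if rest.startswith("IP"):
        m = ENDPOINTS.search(rest)
        if m:
            # The port is the last dot-separated token of each endpoint;
            # it prints as "ldp", or 646 when <no-resolve> is used.
            ports = {ep.rsplit(".", 1)[-1] for ep in m.groups()}
            if ports & {"ldp", "646"}:
                return "LDP"
        return "IP-other"
    return "unknown"

def summarize(text):
    """Count packets per (direction, protocol)."""
    counts = Counter()
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            counts[(m.group(2), classify(m.group(3)))] += 1
    return counts

def only_control_plane(text):
    """True when every captured packet is a control protocol."""
    return all(proto in CONTROL for _, proto in summarize(text))

if __name__ == "__main__":
    print(summarize(SAMPLE), only_control_plane(SAMPLE))
```

A result of `True` on a capture from a busy interface matches the explanation in the answer: only packets sent from or received by the Routing Engine appear.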



  • 3.  RE: "monitor traffic" cannot capture wanted data

    Posted 02-26-2014 22:49

    OIC, that makes sense then. Thanks for the prompt reply.



  • 4.  RE: "monitor traffic" cannot capture wanted data

    Posted 02-26-2014 22:59

    Hi,

    Is the command "datapath-debug" available for security devices? I don't see this command on TXP or Olive VM.


     Host# set security ?    
    Possible completions:
    + apply-groups         Groups from which to inherit configuration data
    + apply-groups-except  Don't inherit configuration data from these groups
    > authentication-key-chains  Authentication key chain configuration
    > certificates         X.509 certificate configuration
    > ike                  IKE configuration
    > ipsec                IPSec configuration
    > pki                  Public key infrastructure configuration
    > ssh-known-hosts      SSH known host list
    > traceoptions         Trace options for IPSec key management



  • 5.  RE: "monitor traffic" cannot capture wanted data

    Posted 02-27-2014 01:09

    Sorry, but that's why I asked which equipment you are using; it makes a difference. That would work on the high-end SRX1400-5800. I don't know about the Olive nor the TXP.


    <> insert the value of your choice

     

    set security flow traceoptions file PACKET-CAPTURE <= you can give the file any name you want
    set security flow traceoptions file size 1m
    set security flow traceoptions file files 5
    set security flow traceoptions file world-readable
    set security flow traceoptions flag basic-datapath
    set security flow traceoptions packet-filter input source-prefix <>
    set security flow traceoptions packet-filter input destination-prefix <>
    set security flow traceoptions packet-filter input destination-port <>
    set security flow traceoptions packet-filter egress source-prefix <>
    set security flow traceoptions packet-filter egress destination-prefix <>
    set security flow traceoptions packet-filter egress source-port <>
    when done:
    deactivate security flow traceoptions