SRX Services Gateway

Traffic Monitor on SRX210H

‎06-22-2017 10:52 AM

Hi all,

I don't see any traffic/packets when I run the following:

root@SRX210> monitor traffic interface ge-0/0/1 matching "host 192.168.1.2" no-resolve extensive
Address resolution is OFF.
Listening on ge-0/0/1, capture size 1514 bytes

Am I missing something?

Also, on the outbound interface of ge-0/0/0 I could not retrieve the packets.

I'm running JUNOS Software Release [12.1X46-D60.4]


Re: Traffic Monitor on SRX210H

‎06-22-2017 01:40 PM

Run the command with the matching qualifier and you have to wait about 20 seconds. However, this command monitors traffic to and from the RE via that interface. What traffic are you expecting to see that is not showing?


Re: Traffic Monitor on SRX210H

‎06-26-2017 09:51 AM

Use "monitor interface traffic" if you just want to see if traffic is flowing through the interfaces.

"monitor traffic interface" will be useful only to check traffic destined to the SRX, like SSH/J-web/Telnet to SRX through that interface.

Thanks,
Suraj
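The replies above note that "monitor traffic interface" only shows packets to and from the Routing Engine, so transit traffic for 192.168.1.2 has to be captured another way. The following Junos configuration is an added example, not part of the original thread: it samples that host's transit packets on ge-0/0/1 into a pcap file, assuming the branch-SRX packet-capture feature is available on this release. The filter name PCAP-HOST, the file name host-capture, the term names, and the use of unit 0 with family inet are assumptions.

```junos
# Added example, not from the thread. Assumed names: filter PCAP-HOST,
# capture file "host-capture", logical unit 0 with family inet.

# 1. Define where sampled packets are written (files land under /var/tmp).
set forwarding-options packet-capture file filename host-capture files 5 size 1000000
set forwarding-options packet-capture maximum-capture-size 1500

# 2. Sample both directions of the host's traffic and accept it.
set firewall filter PCAP-HOST term to-host from destination-address 192.168.1.2/32
set firewall filter PCAP-HOST term to-host then sample
set firewall filter PCAP-HOST term to-host then accept
set firewall filter PCAP-HOST term from-host from source-address 192.168.1.2/32
set firewall filter PCAP-HOST term from-host then sample
set firewall filter PCAP-HOST term from-host then accept

# 3. Final term: without it the filter's implicit discard would drop
#    every other packet crossing the interface.
set firewall filter PCAP-HOST term everything-else then accept

# 4. Apply the filter in both directions. If the unit already has an
#    input/output filter, merge these terms into it instead of replacing it.
set interfaces ge-0/0/1 unit 0 family inet filter input PCAP-HOST
set interfaces ge-0/0/1 unit 0 family inet filter output PCAP-HOST
commit

# 5. After reproducing the traffic, remove the capture again so sampling
#    does not keep running on the forwarding path.
delete interfaces ge-0/0/1 unit 0 family inet filter input PCAP-HOST
delete interfaces ge-0/0/1 unit 0 family inet filter output PCAP-HOST
delete firewall filter PCAP-HOST
delete forwarding-options packet-capture
commit
```

The resulting file can be copied off the device and opened in any pcap reader.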

Re: Traffic Monitor on SRX210H

‎06-26-2017 09:45 PM

Hi Folks,
Please find a few equivalents from the router shell; I have tried a couple.

1. Basic communication // see the basics without many options
tcpdump -i fxp0 -nS

2. Basic communication (very verbose) // see a good amount of traffic, with verbosity and no name help
tcpdump -i fxp0 -nnvvS

3. A deeper look at the traffic // adds -X for payload but doesn’t grab any more of the packet
tcpdump -i fxp0 -nnvvXS

4. Heavy packet viewing // the final “s” increases the snaplength, grabbing the whole packet
tcpdump -i fxp0 -nnvvXSs 1514

5. host // look for traffic based on IP address (also works with hostname if you’re not using -n)
tcpdump -i fxp0 host 1.2.3.4

6. src, dst // find traffic from only a source or destination (eliminates one side of a host conversation)
tcpdump -i fxp0 src 2.3.4.5
tcpdump -i fxp0 dst 3.4.5.6

7. net // capture an entire network using CIDR notation
tcpdump -i fxp0 net 1.2.3.0/24

8. proto // works for tcp, udp, and icmp. Note that you don’t have to type proto
tcpdump -i fxp0 icmp
tcpdump -i fxp0 tcp
tcpdump -i fxp0 udp

9. port // see only traffic to or from a certain port
tcpdump -i fxp0 port 3389

10. src, dst port // filter based on the source or destination port
tcpdump -i fxp0 src port 1025
tcpdump -i fxp0 dst port 389

-Python JNCIE 3X [SP|DC|ENT] JNCIP-SEC JNCDS 3X [ WAN | DC|SEC] JNCIS-Cloud JNCIS-DevOps CCIP ITIL