Capturing Packets at a Juniper Router

1. This command starts capturing packets on the given interface and saves the capture in the file capture.pcap:

monitor traffic interface ge-1/0/1.0 extensive matching "dst host 177.47.98.41" no-resolve print-ascii write-file capture.pcap

The text between quotation marks is called a matching expression. More examples of matching expressions can be found at https://kb.juniper.net/InfoCenter/index?page=content&id=KB16385 and https://www.juniper.net/documentation/en_US/junos12.1x46/topics/reference/command-summary/monitor-traffic.html.

2. Listing the files saved in the router:

admin@MX5_1>file list

/var/home/admin/:
capture.pcap

3. Copy the capture file to an FTP server, so it can be opened with Wireshark:

file copy capture.pcap "ftp://junos@10.1.1.100/MX5_1/capture.pcap"

The file will be available at the FTP server, in directory /home/junos/MX5_1.
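A check that can be run on the server once the file has arrived, before opening it in Wireshark (an added example, not part of the original post): it walks the classic pcap records to confirm the file was not truncated in transfer and, for Ethernet/IPv4 frames, counts destination addresses so they can be compared with the matching expression. The function names and the constructed sample capture are assumptions; captures with another link type get the structural check only.

```python
import collections, socket, struct, sys

# Classic pcap magic numbers (microsecond and nanosecond), mapped to byte order.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}
DLT_EN10MB = 1  # Ethernet link type

def inspect_pcap(data):
    """Return (linktype, packet_count, Counter of IPv4 destinations)."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file (bad magic or short header)")
    end = MAGICS[data[:4]]
    linktype = struct.unpack(end + "I", data[20:24])[0]
    dsts, count, off = collections.Counter(), 0, 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header at offset %d" % off)
        incl_len = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl_len]
        if len(frame) != incl_len:
            raise ValueError("truncated packet at offset %d" % off)
        # Ethernet II + IPv4 only: EtherType at bytes 12-13, IPv4 dst at 30-33.
        if linktype == DLT_EN10MB and len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            dsts[socket.inet_ntoa(frame[30:34])] += 1
        count += 1
        off += 16 + incl_len
    return linktype, count, dsts

def build_sample():
    """Constructed two-packet Ethernet capture, for illustration only."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = (b"\x45\x00\x00\x14" + b"\x00" * 4 + b"\x40\x06\x00\x00"
          + socket.inet_aton("192.0.2.10") + socket.inet_aton("177.47.98.41"))
    frame = eth + ip
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, DLT_EN10MB)
    record = struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return header + record * 2

if __name__ == "__main__":
    # Pass the path of the copied capture, or run without arguments for the sample.
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    linktype, count, dsts = inspect_pcap(raw)
    print("linktype=%d packets=%d" % (linktype, count))
    for addr, n in dsts.most_common():
        print("  dst %s: %d" % (addr, n))
```

Any destination in the output other than the one named in the matching expression means the file is not the capture you expected.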

 
