- This command will start capturing packets on the given interface and save the capture in the file capture.pcap.
monitor traffic interface ge-1/0/1.0 extensive matching "dst host 18.104.22.168" no-resolve print-ascii write-file capture.pcap
The text between quotation marks is called a matching expression. More examples of matching expression can be found in 1)https://kb.juniper.net/InfoCenter/index?page=content&id=KB16385 and 2)https://www.juniper.net/documentation/en_US/junos12.1×46/topics/reference/command-summary/monitor-traffic.html.
2. Listing the files saved in the router:
admin@MX5_1>file list /var/home/admin/: capture.pcap
3. Copy the capture file to a FTP server, so it can be opened with Wireshark:
file copy capture.pcap "ftp://firstname.lastname@example.org/MX5_1/capture.pcap"
The file will be available at the FTP server, in directory /home/junos/MX5_1.
References [ + ]