Capturing Packets at a Juniper Router

  1. This command will start capturing packets on the given interface and save the capture in the file capture.pcap.
monitor traffic interface ge-1/0/1.0 extensive matching "dst host" no-resolve print-ascii write-file capture.pcap

The text between quotation marks is called a matching expression. More examples of matching expression  can be found in 1) and 2)×46/topics/reference/command-summary/monitor-traffic.html.

2. Listing the files saved in the router:

admin@MX5_1>file list


3. Copy the capture file to a FTP server, so it can be opened with Wireshark:

file copy capture.pcap "ftp://junos@"

The file will be available at the FTP server, in directory /home/junos/MX5_1.


References   [ + ]

