[j-nsp] monitor traffic matching
ARIGA Seiji
ariga at os.rim.or.jp
Tue Dec 30 03:11:14 EST 2003
hi, i'm using JUNOS 6.0.
i tried to tcpdump on Juniper using 'matching' but it didn't work.
i used 'not port 22' but it still shows packets with port 22.
did i miss something ?
// ARIGA Seiji
----
juniper> monitor traffic interface fe-0/0/0 no-resolve no-timestamp matching "not port 22"
verbose output suppressed, use <detail> or <extensive> for full protocol decode
Listening on fe-0/0/0, capture size 96 bytes
In IP 192.168.254.167.56762 > 192.168.128.1.22: . ack 2642685192 win 24820
In IP 192.168.254.167.56762 > 192.168.128.1.22: . ack 97 win 24820
In IP 192.168.0.133.2752 > 192.168.128.244.135: S 2049344288:2049344288(0) win 16384 <mss 1414,nop,nop,sackOK>
Out IP 192.168.128.244.135 > 192.168.0.133.2752: R 0:0(0) ack 2049344289 win 0
In arp who-has 192.168.128.243 tell 192.168.128.246
In arp who-has 192.168.128.242 tell 192.168.128.246
In arp who-has 192.168.128.241 tell 192.168.128.246
^C
27 packets received by filter
0 packets dropped by kernel
juniper>
----
More information about the juniper-nsp
mailing list