[j-nsp] monitor traffic matching

Josef Buchsteiner josefb at juniper.net
Tue Dec 30 04:55:25 EST 2003


This is expected. Since on transit interfaces the L2 headers are
stripped off, the offset for the matching condition does not match
anymore. This only works for outbound traffic and for traffic
coming in via fxp0.

You can write the data into a file and then later examine it via
Ethereal, as an example.

Josef


Tuesday, December 30, 2003, 9:11:14 AM, you wrote:
> hi, i'm using JUNOS 6.0.

> i tried to tcpdump on Juniper using 'matching' but it didn't work.
> i used 'not port 22' but it still shows packets with port 22.

> did i miss something ?

> // ARIGA Seiji


> ----
> juniper> monitor traffic interface fe-0/0/0 no-resolve no-timestamp matching "not port 22"
> verbose output suppressed, use <detail> or <extensive> for full protocol decode
> Listening on fe-0/0/0, capture size 96 bytes

>  In IP 192.168.254.167.56762 > 192.168.128.1.22: . ack 2642685192 win 24820
>  In IP 192.168.254.167.56762 > 192.168.128.1.22: . ack 97 win 24820
>  In IP 192.168.0.133.2752 > 192.168.128.244.135: S 2049344288:2049344288(0) win 16384 <mss 1414,nop,nop,sackOK>
> Out IP 192.168.128.244.135 > 192.168.0.133.2752: R 0:0(0) ack 2049344289 win 0
>  In arp who-has 192.168.128.243 tell 192.168.128.246
>  In arp who-has 192.168.128.242 tell 192.168.128.246
>  In arp who-has 192.168.128.241 tell 192.168.128.246
> ^C
> 27 packets received by filter
> 0 packets dropped by kernel

> juniper>
> ----
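A simplified model of the offset problem described in the reply, added here as an illustration (it is not from the thread and is not JUNOS code): a "port 22" test that reads fixed offsets assuming a 14-byte Ethernet header is run against a constructed copy of the first packet in the capture, once with the L2 header present and once with it stripped. The function names and the `l2_len` parameter are assumptions made for this example.

```python
import socket
import struct

ETH_LEN = 14  # Ethernet II header: dst MAC, src MAC, ethertype

def build_ipv4_tcp(src, dst, sport, dport):
    """Constructed sample: 20-byte IPv4 header + 20-byte TCP header, checksums left 0."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x10, 24820, 0, 0)
    return ip + tcp

def port_matches(buf, port, l2_len=ETH_LEN):
    """Fixed-offset test for 'port N', as a filter compiled for a link type
    with an l2_len-byte header would read the buffer."""
    if l2_len:  # ethertype sits in the last two bytes of the L2 header
        if struct.unpack_from("!H", buf, l2_len - 2)[0] != 0x0800:
            return False  # does not look like IPv4, so 'port N' cannot match
    if buf[l2_len + 9] not in (6, 17):  # IP protocol must be TCP or UDP
        return False
    if struct.unpack_from("!H", buf, l2_len + 6)[0] & 0x1FFF:
        return False  # non-first fragment carries no port numbers
    ihl = (buf[l2_len] & 0x0F) * 4
    sport, dport = struct.unpack_from("!HH", buf, l2_len + ihl)
    return port in (sport, dport)

def shown(buf, l2_len=ETH_LEN):
    """True if the packet passes matching "not port 22" and is displayed."""
    return not port_matches(buf, 22, l2_len)

# Constructed from the first capture line: 192.168.254.167.56762 > 192.168.128.1.22
packet = build_ipv4_tcp("192.168.254.167", "192.168.128.1", 56762, 22)
frame = bytes(6) + bytes(6) + b"\x08\x00" + packet  # L2 header present
stripped = packet                                   # L2 header removed

if __name__ == "__main__":
    print("L2 present, Ethernet offsets:", shown(frame))        # False: filtered out
    print("L2 stripped, Ethernet offsets:", shown(stripped))    # True: port 22 leaks through
    print("L2 stripped, offsets from 0:", shown(stripped, 0))   # False: filtered out
```

With the header stripped, the bytes read as the ethertype are the first two bytes of the source address (0xc0a8), so the "port 22" test fails and its negation lets the SSH packet through.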


