[j-nsp] Monitor traffic

Josef Buchsteiner josefb at juniper.net
Fri Jun 6 14:55:18 EDT 2003


> Note, in addition to this constraint, certain headers (L1, L2 and L3) are
> stripped from ingress packets before they are passed to the RE, therefore,
> it is not possible to match on L3 headers (e.g. IP source address) for
> inbound packets :-(  monitor traffic interface <blah> running on a Juniper
> has lots of constraints compared to tcpdump -i <blah> on a unix box.

      What you can do is write this to a file, and during
      writing we restore the L2 header by adding dummy information, and
      then you can make all the filters you want, and with other
      applications like ethereal. This works for the most common L2
      encaps. At some point we might be able to add the fake L2
      headers also during reading so the offsets for matching objects
      are set correctly.

      Josef


