[j-nsp] "monitor traffic" broken?

Harry Reynolds harry at juniper.net
Mon Nov 1 13:32:58 EST 2004


AFAIK protocol based matched at the CLI have been broken for some time.
This is because the L2 encap is stripped at ingress. You can work around
by capturing to a file and then reading back the contents of the file;
when writing to a file pseudo L2 headers are added back (as I
understand). This can be done at a root shell using standard TCPDUMP, or
via hidden write-file and read-file CLI switches. Note these are hidden
due to concern about someone writing a huge file to /var causing a lack
of disk space.

Regards, and HTHs







> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net 
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of 
> Daniel Roesen
> Sent: Monday, November 01, 2004 10:24 AM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] "monitor traffic" broken?
> 
> Hi,
> 
> monitor traffic interface ge-0/0/0.123 matching "port 53"
> 
> This SHOULD show me all DNS traffic in/out this interface, correct?
> 
> But actually, I see only incoming traffic, and the matching 
> term is completely ignored. Same goes for "host x.x.x.x" or so.
> 
> Am I doing something wrong?
> 
> 
> Best regards,
> Daniel
> 
> --
> CLUE-RIPE -- Jabber: dr at cluenet.de -- dr at IRCnet -- PGP: 
> 0xA85C8AA0 _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net 
> http://puck.nether.net/mailman/listinfo/juniper-nsp
> 



More information about the juniper-nsp mailing list