[j-nsp] "monitor traffic" broken?
Daniel Roesen
dr at cluenet.de
Mon Nov 1 13:45:36 EST 2004
On Mon, Nov 01, 2004 at 10:32:58AM -0800, Harry Reynolds wrote:
> AFAIK protocol based matched at the CLI have been broken for some time.
> This is because the L2 encap is stripped at ingress. You can work around
> by capturing to a file and then reading back the contents of the file;
> when writing to a file pseudo L2 headers are added back (as I
> understand). This can be done at a root shell using standard TCPDUMP, or
> via hidden write-file and read-file CLI switches. Note these are hidden
> due to concern about someone writing a huge file to /var causing a lack
> of disk space.
Thanks. Using write/read-file I'm now able to match on host IP etc.
Unfortunately I'm still seeing only incoming packets, not egress DNS
queries done by the RE.
BTW, is there a PR open to get either "monitor traffic" fixed or
the documentation for the matching stuff removed? :-)
Best regards,
Daniel
--
CLUE-RIPE -- Jabber: dr at cluenet.de -- dr at IRCnet -- PGP: 0xA85C8AA0
More information about the juniper-nsp
mailing list