[j-nsp] tcpdump

Thompson, Jerrold ThompsonJB at mgmmirage.net
Mon Jan 21 13:26:15 EST 2008


Hi,

I'm trying to capture unicast traffic from a subinterface on an m10i
router running 8.0 code.

Started out with a "start shell user root" and then ran a

'tcpdump -c 1000 -nvi ge-0/3/0.694 -w /var/tmp/test.log'

And it kind of worked, but only caught slow path traffic destined to the
cpu exactly like a monitor command.

Can anybody tell me how to catch the unicast traffic with an IP host
filter?  I've tried:

'tcpdump -c 1000 -nvi ge-0/3/0 host 10.66.94.35 -w /var/tmp/test.log'
'tcpdump -c 1000 -nvi ge-0/3/0 ip host 10.66.94.35 -w /var/tmp/test.log'
'tcpdump -c 1000 -nvi ge-0/3/0.694 host 10.66.94.35 -w /var/tmp/test.log'
'tcpdump -c 1000 -nvi ge-0/3/0.694 ip host 10.66.94.35 -w /var/tmp/test.log'
'tcpdump -c 1000 -nvi ge-0/3/0 'host 10.66.94.35' -w /var/tmp/test.log'
'tcpdump -c 1000 -nvi ge-0/3/0.694 'host 10.66.94.35' -w /var/tmp/test.log'
'tcpdump -c 1000 -i ge-0/3/0 'host 10.66.94.35' -w /var/tmp/test.log'
'tcpdump -c 1000 -i ge-0/3/0.694 'host 10.66.94.35' -w /var/tmp/test.log'

And kept getting a 'syntax' error.

Here is a 'show interface terse of 0/3/0'

ge-0/3/0                up    up
ge-0/3/0.676            up    up   inet     10.66.76.2/24
ge-0/3/0.677            up    up   inet     10.66.77.1/24
                                            10.66.77.2/24
ge-0/3/0.690            up    up   inet     10.66.90.1/24
                                            10.66.90.2/24
ge-0/3/0.694            up    up   inet     10.66.94.1/24
                                            10.66.94.2/24
ge-0/3/0.695            up    up   inet     10.66.95.2/24
ge-0/3/0.697            up    up   inet     10.66.97.2/24
ge-0/3/0.698            up    up   inet     10.66.98.1/24
                                            10.66.98.2/24
ge-0/3/0.699            up    up   inet     10.66.99.2/24







