[j-nsp] tcpdump
Thompson, Jerrold
ThompsonJB at mgmmirage.net
Mon Jan 21 13:26:15 EST 2008
Hi,
I'm trying to capture unicast traffic from a subinterface on an m10i
router running 8.0 code.
Started out with a "start shell user root" and then ran a
'tcpdump -c 1000 -nvi ge-0/3/0.694 -w /var/tmp/test.log'
And it kind of worked, but only caught slow path traffic destined to the
cpu exactly like a monitor command.
Can anybody tell me how to catch the unicast traffic with an IP host
filter? I've tried:
'tcpdump -c 1000 -nvi ge-0/3/0 host 10.66.94.35 -w /var/tmp/test.log'
'tcpdump -c 1000 -nvi ge-0/3/0 ip host 10.66.94.35 -w /var/tmp/test.log'
'tcpdump -c 1000 -nvi ge-0/3/0.694 host 10.66.94.35 -w
/var/tmp/test.log'
'tcpdump -c 1000 -nvi ge-0/3/0.694 ip host 10.66.94.35 -w
/var/tmp/test.log'
'tcpdump -c 1000 -nvi ge-0/3/0 'host 10.66.94.35' -w /var/tmp/test.log'
'tcpdump -c 1000 -nvi ge-0/3/0.694 'host 10.66.94.35' -w
/var/tmp/test.log'
'tcpdump -c 1000 -i ge-0/3/0 'host 10.66.94.35' -w /var/tmp/test.log'
'tcpdump -c 1000 -i ge-0/3/0.694 'host 10.66.94.35' -w
/var/tmp/test.log'
And kept getting a 'syntax' error.
Here is a 'show interface terse of 0/3/0'
ge-0/3/0 up up
ge-0/3/0.676 up up inet 10.66.76.2/24
ge-0/3/0.677 up up inet 10.66.77.1/24
10.66.77.2/24
ge-0/3/0.690 up up inet 10.66.90.1/24
10.66.90.2/24
ge-0/3/0.694 up up inet 10.66.94.1/24
10.66.94.2/24
ge-0/3/0.695 up up inet 10.66.95.2/24
ge-0/3/0.697 up up inet 10.66.97.2/24
ge-0/3/0.698 up up inet 10.66.98.1/24
10.66.98.2/24
ge-0/3/0.699 up up inet 10.66.99.2/24
More information about the juniper-nsp
mailing list