Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. nsp>
  3. juniper
monitor traffic matching
ariga at os
Dec 30, 2003, 3:11 AM
Post #1 of 2 (3483 views)
Permalink
hi, i'm using JUNOS 6.0.

i tried to tcpdump on Juniper using 'matching' but it didn't work.
i used 'not port 22' but it still shows packets with port 22.

did i miss something ?

// ARIGA Seiji


----
juniper> monitor traffic interface fe-0/0/0 no-resolve no-timestamp matching "not port 22"
verbose output suppressed, use <detail> or <extensive> for full protocol decode
Listening on fe-0/0/0, capture size 96 bytes

In IP 192.168.254.167.56762 > 192.168.128.1.22: . ack 2642685192 win 24820
In IP 192.168.254.167.56762 > 192.168.128.1.22: . ack 97 win 24820
In IP 192.168.0.133.2752 > 192.168.128.244.135: S 2049344288:2049344288(0) win 16384 <mss 1414,nop,nop,sackOK>
Out IP 192.168.128.244.135 > 192.168.0.133.2752: R 0:0(0) ack 2049344289 win 0
In arp who-has 192.168.128.243 tell 192.168.128.246
In arp who-has 192.168.128.242 tell 192.168.128.246
In arp who-has 192.168.128.241 tell 192.168.128.246
^C
27 packets received by filter
0 packets dropped by kernel

juniper>
----
monitor traffic matching [ In reply to ]
josefb at juniper
Dec 30, 2003, 4:55 AM
Post #2 of 2 (3413 views)
Permalink
This is expected. Since on transit interfaces the L2 headers are
stripped off the offset for the matching condition does not match
anymore. this does only work for outbound traffic and for traffic
coming in via fxp0.

You can write the data into a file and then later examine it via
ethereal as an example

Josef


Tuesday, December 30, 2003, 9:11:14 AM, you wrote:
> hi, i'm using JUNOS 6.0.

> i tried to tcpdump on Juniper using 'matching' but it didn't work.
> i used 'not port 22' but it still shows packets with port 22.

> did i miss something ?

> // ARIGA Seiji


> ----
> verbose output suppressed, use <detail> or <extensive> for full protocol decode
> Listening on fe-0/0/0, capture size 96 bytes

> In IP 192.168.254.167.56762 > 192.168.128.1.22: . ack 2642685192 win 24820
> In IP 192.168.254.167.56762 > 192.168.128.1.22: . ack 97 win 24820
> In IP 192.168.0.133.2752 > 192.168.128.244.135: S
> 2049344288:2049344288(0) win 16384 <mss 1414,nop,nop,sackOK>
> Out IP 192.168.128.244.135 > 192.168.0.133.2752: R 0:0(0) ack 2049344289 win 0
> In arp who-has 192.168.128.243 tell 192.168.128.246
> In arp who-has 192.168.128.242 tell 192.168.128.246
> In arp who-has 192.168.128.241 tell 192.168.128.246
> ^C
> 27 packets received by filter
> 0 packets dropped by kernel

> ----
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal