The “monitor traffic” command lets you view the packets, or just their headers, that pass through the routing module, which is very useful for diagnosing various problems.
Please note that the monitor traffic command works like tcpdump in Linux and, if used incorrectly on a heavily loaded router, can increase CPU load.
You can stop it by pressing the key combination CTRL+C.
An example that specifies the number of packets after which the command stops:
monitor traffic count 2
monitor traffic detail count 2
monitor traffic extensive no-domain-names no-resolve no-timestamp count 10 matching "tcp" absolute-sequence
The no-resolve option disables resolution of IP addresses to domain names, which removes the delays caused by DNS queries.
An example that specifies the interface (with the first commands I looked up the interface of the required user):
show subscribers
show subscribers address 172.17.1.5
monitor traffic interface demux0.3221225499 count 25 size 1500 no-resolve detail matching udp
monitor traffic interface lo0.0 count 25
Here are a few more examples:
monitor traffic matching "host 192.168.5.5"
monitor traffic matching "src 192.168.5.5"
monitor traffic matching "dst 192.168.5.6"
monitor traffic matching "net 192.168.5.0/24"
monitor traffic matching "icmp" no-resolve
monitor traffic matching "arp" no-resolve
monitor traffic matching "port 22" no-resolve
monitor traffic matching "proto 89" no-resolve
The output of the command can be written to a file and then viewed:
monitor traffic write-file filename
monitor traffic read-file filename