Juniper. monitor traffic examples

The “monitor traffic” command lets you view the packets, or just their headers, that pass through the Routing Engine (the routing module), which is very useful for diagnosing various problems.

The simplest invocation:

monitor traffic

Note that the monitor traffic command works like tcpdump in Linux, and if used carelessly on a heavily loaded router it can increase CPU load.
You can stop it by pressing CTRL+C.

An example that specifies the number of packets after which the command stops:

monitor traffic count 2
monitor traffic detail count 2

Another example:

monitor traffic extensive no-domain-names no-resolve no-timestamp count 10 matching "tcp" absolute-sequence

The no-resolve option disables resolving IP addresses to domain names, which removes the delays caused by DNS queries.

An example that specifies the interface (with the first commands I looked up the interface of the required user):

show subscribers
show subscribers address 172.17.1.5
monitor traffic interface demux0.3221225499 count 25 size 1500 no-resolve detail matching udp
monitor traffic interface lo0.0 count 25

Here are a few more examples:

monitor traffic matching "host 192.168.5.5"
monitor traffic matching "src 192.168.5.5"
monitor traffic matching "dst 192.168.5.6"
monitor traffic matching "net 192.168.5.0/24"
monitor traffic matching "icmp" no-resolve
monitor traffic matching "arp" no-resolve
monitor traffic matching "port 22" no-resolve
monitor traffic matching "proto 89" no-resolve
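
Since the matching expression uses tcpdump-style filter syntax, the single-condition filters above can be combined with "and" and "not". The following is an added example, not part of the original article; the interface name ge-0/0/0.0 is an assumption, and the addresses reuse the sample values above.

```junos
# Added example: ge-0/0/0.0 is an assumed interface name, replace it with your own.
# Bounded capture: fixed interface, packet limit, no DNS lookups,
# and a filter that leaves out the SSH session used to run the command.
monitor traffic interface ge-0/0/0.0 no-resolve count 50 matching "host 192.168.5.5 and not port 22"

# Protocol plus direction: only DNS queries sent by one source.
monitor traffic interface ge-0/0/0.0 no-resolve count 20 matching "src 192.168.5.5 and udp dst port 53"

# ICMP for a whole subnet with header detail, still limited by count.
monitor traffic interface ge-0/0/0.0 no-resolve detail count 20 matching "icmp and net 192.168.5.0/24"
```

Keeping an interface, a count and a narrow filter on every capture limits the CPU cost mentioned earlier.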

The output of the command can be written to a file and then viewed:

monitor traffic write-file filename
monitor traffic read-file filename
