The “monitor traffic” command lets you view packets, or just their headers, as they pass through the routing module, which is very useful for diagnosing various problems.
The simplest form:
monitor traffic
Please note that the monitor traffic command works like tcpdump on Linux, and careless use on a heavily loaded router can increase CPU load.
You can stop it by pressing CTRL+C.
Another example, specifying the number of packets after which the command stops:
monitor traffic count 2
monitor traffic detail count 2
Another example:
monitor traffic extensive no-domain-names no-resolve no-timestamp count 10 matching "tcp" absolute-sequence
The no-resolve option stops IP addresses from being resolved to domain names, which removes the delays caused by DNS queries.
An example specifying the interface (I used the first two commands to look up the interface of the required subscriber):
show subscribers
show subscribers address 172.17.1.5
monitor traffic interface demux0.3221225499 count 25 size 1500 no-resolve detail matching udp
monitor traffic interface lo0.0 count 25
Here are a few more examples:
monitor traffic matching "host 192.168.5.5"
monitor traffic matching "src 192.168.5.5"
monitor traffic matching "dst 192.168.5.6"
monitor traffic matching "net 192.168.5.0/24"
monitor traffic matching "icmp" no-resolve
monitor traffic matching "arp" no-resolve
monitor traffic matching "port 22" no-resolve
monitor traffic matching "proto 89" no-resolve
The output of the command can be written to a file and then viewed:
monitor traffic write-file filename
monitor traffic read-file filename
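The CPU-load warning and the count and no-resolve advice above can be turned into a pre-run check for runbooks and change requests. The following is an added example, not part of the original article or of Junos: the function name, the warning texts and the MAX_COUNT threshold are assumptions, and only options that appear in the examples on this page are recognised.

```python
import shlex

# Options from the examples on this page that take a value.
VALUE_OPTS = {"count", "size", "interface", "matching", "write-file", "read-file"}
MAX_COUNT = 1000  # assumed review threshold, not a Junos limit

def lint_monitor_traffic(command):
    """Return a list of warnings for one 'monitor traffic' command line."""
    tokens = shlex.split(command)  # a quoted matching expression stays one token
    if tokens[:2] != ["monitor", "traffic"]:
        raise ValueError("not a monitor traffic command")
    flags, values = set(), {}
    i = 2
    while i < len(tokens):
        tok = tokens[i]
        if tok in VALUE_OPTS:
            if i + 1 >= len(tokens):
                raise ValueError(f"option {tok!r} needs a value")
            values[tok] = tokens[i + 1]
            i += 2
        else:
            flags.add(tok)
            i += 1
    if "read-file" in values:
        return []  # reading a saved capture does not sniff live traffic
    warnings = []
    if "count" not in values:
        warnings.append("no count: capture runs until CTRL+C")
    elif not values["count"].isdigit() or int(values["count"]) > MAX_COUNT:
        warnings.append(f"count should be a number <= {MAX_COUNT}")
    if "no-resolve" not in flags:
        warnings.append("no no-resolve: DNS lookups can delay output")
    if "matching" not in values:
        warnings.append("no matching filter: all captured packets are shown")
    return warnings

# Constructed sample commands, modelled on the examples above.
SAMPLES = [
    "monitor traffic",
    'monitor traffic interface lo0.0 count 25 no-resolve matching "port 22"',
    'monitor traffic matching "host 192.168.5.5"',
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        print(cmd, "->", lint_monitor_traffic(cmd) or "ok")
```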