JunOS EVO Packet Capture

It’s notoriously difficult to obtain packet captures in large networks. I was shown this trick by JTAC for when monitor traffic just does not cut it.

I found this especially helpful when troubleshooting multicast (more specifically, an incorrect TTL set on the source).

root@redacted> start shell
[vrf:none] root@redacted:/var/home/redacted# su
sh-5.0# mirror_view -port et-0/0/20 -num_packets 200 -max_run_time 50


      Selected port   : et-0/0/20


Init  b' Create MTP SUCESS instName : CliPfe-cpuQ221 Ifd Index : 221\n Create Input is SUCESS  for Input Ifd : 1047\n Mirror Input Interface et-0/0/20 index : 1047 output index 221\n'
Teardown b' Mirror Deactivate\n Delete MTP SUCESS instName : CliPfe-cpuQ221 Ifd Index : 221\n'
Teardown b' Mirror Deactivate\n Delete MTP SUCESS instName : CliPfe-cpuQ221 Ifd Index : 221\n'
Total packets = 200
Completed decoding of packets.


***********************************************************************************

      Completed decoding of packets!

      mirrored pcap  file    = /var/tmp/somedate-da-port-et-0-0-20-mirrored.pcap
      decoded  pcap  file    = /var/tmp/somedate-da-port-et-0-0-20-decoded.pcap
      decoded sys-hdr file   = /var/tmp/somedate-da-port-et-0-0-20-sysheader.sys

***********************************************************************************
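
One way to look for the TTL problem mentioned above in the resulting capture, as an added example that is not from the original post or from Juniper: it lists IPv4 multicast packets with their TTL and flags those at or below a threshold. It assumes the decoded file is a classic libpcap file with Ethernet framing, which the post does not confirm; the function names, addresses and sample packets are constructed for illustration.

```python
import socket
import struct

# Classic libpcap magic numbers (micro/nanosecond) mapped to struct byte order.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
          b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}
ETH_IPV4, ETH_VLAN = 0x0800, 0x8100

def multicast_ttls(pcap_bytes):
    """Return (src, group, ttl) for each IPv4 multicast packet in the capture."""
    end = MAGICS.get(pcap_bytes[:4])
    if end is None or struct.unpack(end + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("not a classic libpcap file with Ethernet link type")
    out, off = [], 24
    while off + 16 <= len(pcap_bytes):
        # Per-record header: ts_sec, ts_frac, captured length, original length.
        incl = struct.unpack(end + "I", pcap_bytes[off + 8:off + 12])[0]
        frame = pcap_bytes[off + 16:off + 16 + incl]
        off += 16 + incl
        pos = 12
        while frame[pos:pos + 2] == struct.pack("!H", ETH_VLAN):  # skip 802.1Q tags
            pos += 4
        if frame[pos:pos + 2] != struct.pack("!H", ETH_IPV4) or len(frame) < pos + 22:
            continue
        ip = frame[pos + 2:]
        if (ip[0] >> 4) != 4 or (ip[16] & 0xF0) != 0xE0:  # dst not in 224.0.0.0/4
            continue
        out.append((socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]), ip[8]))
    return out

def low_ttl(pcap_bytes, threshold=1):
    """Multicast packets whose TTL is at or below `threshold`."""
    return [r for r in multicast_ttls(pcap_bytes) if r[2] <= threshold]

def _frame(src, dst, ttl):
    # Constructed Ethernet + IPv4 header: UDP protocol, checksum 0, no payload.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return bytes(6) + bytes(6) + struct.pack("!H", ETH_IPV4) + ip

def sample_pcap():
    """Constructed three-packet capture standing in for the decoded pcap."""
    blob = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in (_frame("10.0.0.5", "239.1.1.1", 1), _frame("10.0.0.6", "239.1.1.1", 64),
              _frame("10.0.0.5", "10.0.0.9", 64)):
        blob += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return blob

if __name__ == "__main__":
    print(low_ttl(sample_pcap()))
```

To run it against a real capture, read the file in binary mode and pass the bytes to low_ttl in place of sample_pcap().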

root

Network engineer by night, deep sleeper by day.
