Capturing packets on juniper switches

From Notes_Wiki


Note that the options below only capture packets sent to / from the Juniper switch's own interface IPs. If a packet is traversing (switched / routed) via the switch without being explicitly addressed to the switch, then such traffic is not captured by the methods below. For a complete capture including switched/routed traffic, refer to Analyzing traffic on juniper switches


To capture packets on juniper switches there are two options:

tcpdump
For this we need to start a shell using 'start shell sh' and then get root access using 'su -' to be able to run tcpdump. The tcpdump options and syntax are exactly the same as for the Linux tcpdump command. See https://kb.juniper.net/InfoCenter/index?page=content&id=KB23313
monitor traffic
Using this we can capture traffic received on / sent from an interface. It has options similar to tcpdump, but we don't need to go to the shell and get root access. See https://community.juniper.net/communities/community-home/digestviewer/viewthread?MID=73549 for an example of how to use the monitor traffic interface command.
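
The two options side by side, as an added example session that is not from the original notes. The prompts, the interface names (me0, ge-0/0/0.0), the address 192.0.2.10 and the file /var/tmp/mgmt.pcap are constructed placeholders; both commands only see traffic addressed to or sent by the switch itself.

```junos
# Option 1: tcpdump from the root shell
user@switch> start shell sh
$ su -
Password:
# -n: no name resolution, -c 100: stop after 100 packets so the capture is bounded,
# -w: write a pcap file that can be copied off the switch and opened in Wireshark
root@switch:~ # tcpdump -n -i me0 -c 100 -w /var/tmp/mgmt.pcap host 192.0.2.10 and tcp port 22
# read the saved capture back on the switch
root@switch:~ # tcpdump -n -r /var/tmp/mgmt.pcap | head
# remove the file when done so captures do not accumulate on the switch
root@switch:~ # rm /var/tmp/mgmt.pcap
root@switch:~ # exit
$ exit

# Option 2: monitor traffic from operational mode (no shell, no root)
# matching takes a tcpdump-style filter expression; count bounds the capture
user@switch> monitor traffic interface ge-0/0/0.0 no-resolve count 100 matching "host 192.0.2.10 and icmp"
```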


There are also mentions of options such as 'set forwarding-options packet-capture' in the documentation at https://www.juniper.net/documentation/us/en/software/junos/network-mgmt/topics/topic-map/analyze-network-traffic-by-using-packet-capture.html

However, while working with a few switches, we could not get any packet-capture within forwarding-options. Also, trying

set interface <interface-name-1> unit 0 family inet sampling input output

followed by 'commit check' led to many error messages.


