awa Network: September 2013

Monday, September 30, 2013

The Logical Tunnel Interface for Juniper

The summary of Juniper Virtual-Router are confirm can run dynamic routing-protocols, OSPF, BGP and packet capture between them use 'monitor traffic'. Communication between Virtual-Router use physical cable loop (jumper). There are a few different way to leak traffic between Virtual-Router logically. The one of them is logical tunnel interface, LT need little config to connect between Virtual-Router.

Please find the example logical tunnel interface, Please check also mini Lab OSPF use physical cable between them, I will add logical interface with that config as pre-config.

#### Create Logical Tunnel Interface
set interfaces lt-0/0/0 unit 10 description "to R1 lt-0/0/0.11 logical tunnel"
set interfaces lt-0/0/0 unit 10 encapsulation ethernet
set interfaces lt-0/0/0 unit 10 peer-unit 11
set interfaces lt-0/0/0 unit 10 family inet address 172.16.11.10/24

set interfaces lt-0/0/0 unit 11 description "to R0 lt-0/0/0.10 logical tunnel"
set interfaces lt-0/0/0 unit 11 encapsulation ethernet
set interfaces lt-0/0/0 unit 11 peer-unit 10
set interfaces lt-0/0/0 unit 11 family inet address 172.16.11.11/24

#### R0
set routing-instances R0 interface lt-0/0/0.10

#### R1
set routing-instances R1 interface lt-0/0/0.11

#### Verify and Ping Test
user@JunOS> ping routing-instance R0 172.16.11.11 source 172.16.11.10 rapid
PING 172.16.11.11 (172.16.11.11): 56 data bytes
!!!!!
--- 172.16.11.11 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 3.002/3.867/4.676/0.686 ms

user@JunOS> ping routing-instance R1 172.16.11.10 source 172.16.11.11 rapid
PING 172.16.11.10 (172.16.11.10): 56 data bytes
!!!!!
--- 172.16.11.10 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 3.088/5.639/9.520/2.867 ms

user@JunOS> show arp
MAC Address Address Name Interface Flags
b0:c6:9a:xx:yy:00 172.16.1.10 172.16.1.10 ge-0/0/1.0 none
b0:c6:9a:xx:yy:01 172.16.1.11 172.16.1.11 ge-0/0/0.0 none
b0:c6:9a:xx:yy:00 172.16.11.10 172.16.11.10 lt-0/0/0.11 none
b0:c6:9a:xx:yy:01 172.16.11.11 172.16.11.11 lt-0/0/0.10 none
Total entries: 4

What's next ?
I will join new interface to OSPF instance.
Please stay tune :-)

#### OSPF between R0 and R1
user@JunOS> edit
Entering configuration mode

[edit]
user@JunOS# set routing-instances R0 protocols ospf area 0.0.0.0 interface lt-0/0/0.10

[edit]
user@JunOS# set routing-instances R1 protocols ospf area 0.0.0.0 interface lt-0/0/0.11

[edit]
user@JunOS# show | compare
[edit routing-instances R0 protocols ospf area 0.0.0.0]
interface ge-0/0/0.0 { ... }
+ interface lt-0/0/0.10;
[edit routing-instances R1 protocols ospf area 0.0.0.0]
interface ge-0/0/1.0 { ... }
+ interface lt-0/0/0.11;

[edit]
user@JunOS# commit
commit complete

[edit]
user@JunOS#

#### Verify OSPF
user@JunOS> show ospf neighbor instance all
Instance: R0
Address Interface State ID Pri Dead
172.16.1.11 ge-0/0/0.0 Full 172.16.1.11 128 39
172.16.11.11 lt-0/0/0.10 Full 172.16.1.11 128 36

Instance: R1
Address Interface State ID Pri Dead
172.16.1.10 ge-0/0/1.0 Full 172.16.1.10 128 31
172.16.11.10 lt-0/0/0.11 Full 172.16.1.10 128 37

user@JunOS> show ospf interface instance R0 detail
Interface State Area DR ID BDR ID Nbrs
ge-0/0/0.0 BDR 0.0.0.0 172.16.1.11 172.16.1.10 1
Type: LAN, Address: 172.16.1.10, Mask: 255.255.255.0, MTU: 1500, Cost: 1
DR addr: 172.16.1.11, BDR addr: 172.16.1.10, Priority: 128
Adj count: 1
Hello: 10, Dead: 40, ReXmit: 5, Not Stub
Auth type: None
Protection type: None
Topology default (ID 0) -> Cost: 0
lt-0/0/0.10 BDR 0.0.0.0 172.16.1.11 172.16.1.10 1
Type: LAN, Address: 172.16.11.10, Mask: 255.255.255.0, MTU: 1500, Cost: 1
DR addr: 172.16.11.11, BDR addr: 172.16.11.10, Priority: 128
Adj count: 1
Hello: 10, Dead: 40, ReXmit: 5, Not Stub
Auth type: None
Protection type: None
Topology default (ID 0) -> Cost: 0

user@JunOS> show ospf interface instance R1 detail
Interface State Area DR ID BDR ID Nbrs
ge-0/0/1.0 DR 0.0.0.0 172.16.1.11 172.16.1.10 1
Type: LAN, Address: 172.16.1.11, Mask: 255.255.255.0, MTU: 1500, Cost: 1
DR addr: 172.16.1.11, BDR addr: 172.16.1.10, Priority: 128
Adj count: 1
Hello: 10, Dead: 40, ReXmit: 5, Not Stub
Auth type: None
Protection type: None
Topology default (ID 0) -> Cost: 0
lt-0/0/0.11 DR 0.0.0.0 172.16.1.11 172.16.1.10 1
Type: LAN, Address: 172.16.11.11, Mask: 255.255.255.0, MTU: 1500, Cost: 1
DR addr: 172.16.11.11, BDR addr: 172.16.11.10, Priority: 128
Adj count: 1
Hello: 10, Dead: 40, ReXmit: 5, Not Stub
Auth type: None
Protection type: None
Topology default (ID 0) -> Cost: 0

Monday, September 23, 2013

Mini Lab BGP and Packet Capture with Virtual-Router

Previous posted about setup mini lab OSPF with one Juniper use virtual-router to separate route table. The virtual-router is not just separate routing table as basic function, but some of other feature can also separated. It's not just OSPF can run between virtual-router, BGP routing protocols can running well. This is great feature, why ? because a physical router can setup multiple AS number to running multiple BGP process.

The other great way from JunOS to really separation is Logical-Systems (LSYS). LSYS isn't just traffic separation and some feature, but LSYS can administrative separation, logging separation and resource separation. The purpose is to partition system, the system don't talk each other. Special for SRX system, LSYS only allow for the high end SRX (SRX1400, SRX3400, SRX3600, SRX5600 and SRX5800) and also have licenses.

#### R0
user@JunOS> show configuration routing-instances R0
instance-type virtual-router;
interface ge-0/0/0.0;
routing-options {
autonomous-system 10;
}
protocols {
bgp {
group BGPtoR1 {
type external;
peer-as 11;
neighbor 172.16.1.11;
}
}
}

#### R1
user@JunOS> show configuration routing-instances R1
instance-type virtual-router;
interface ge-0/0/1.0;
routing-options {
autonomous-system 11;
}
protocols {
bgp {
group BGPtoR0 {
type external;
peer-as 10;
neighbor 172.16.1.10;
}
}
}

#### Verify BGP
user@JunOS> show bgp summary
Groups: 2 Peers: 2 Down peers: 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
172.16.1.10 10 14 15 0 0 5:20 Establ
R1.inet.0: 0/0/0/0
172.16.1.11 11 14 14 0 0 5:20 Establ
R0.inet.0: 0/0/0/0

user@JunOS> show bgp neighbor instance R0 | no-more
Peer: 172.16.1.11+179 AS 11 Local: 172.16.1.10+51682 AS 10
Type: External State: Established Flags:
Last State: OpenConfirm Last Event: RecvKeepAlive
Last Error: None
Options:
Holdtime: 90 Preference: 170
Number of flaps: 0
Peer ID: 172.16.1.11 Local ID: 172.16.1.10 Active Holdtime: 90
Keepalive Interval: 30 Peer index: 0
BFD: disabled, down
Local Interface: ge-0/0/0.0
NLRI for restart configured on peer: inet-unicast
NLRI advertised by peer: inet-unicast
NLRI for this session: inet-unicast
Peer supports Refresh capability (2)
Restart time configured on the peer: 120
Stale routes from peer are kept for: 300
Restart time requested by this peer: 120
NLRI that peer supports restart for: inet-unicast
NLRI that restart is negotiated for: inet-unicast
NLRI of received end-of-rib markers: inet-unicast
NLRI of all end-of-rib markers sent: inet-unicast
Peer supports 4 byte AS extension (peer-as 11)
Table R0.inet.0 Bit: 10000
RIB State: BGP restart is complete
RIB State: VPN restart is complete
Send state: in sync
Active prefixes: 0
Received prefixes: 0
Accepted prefixes: 0
Suppressed due to damping: 0
Advertised prefixes: 0
Last traffic (seconds): Received 8 Sent 17 Checked 24
Input messages: Total 15 Updates 1 Refreshes 0 Octets 289
Output messages: Total 15 Updates 0 Refreshes 0 Octets 348
Output Queue[0]: 0

user@JunOS> show bgp neighbor instance R1 | no-more
Peer: 172.16.1.10+51682 AS 10 Local: 172.16.1.11+179 AS 11
Type: External State: Established Flags:
Last State: OpenConfirm Last Event: RecvKeepAlive
Last Error: None
Options:
Holdtime: 90 Preference: 170
Number of flaps: 0
Peer ID: 172.16.1.10 Local ID: 172.16.1.11 Active Holdtime: 90
Keepalive Interval: 30 Peer index: 0
BFD: disabled, down
Local Interface: ge-0/0/1.0
NLRI for restart configured on peer: inet-unicast
NLRI advertised by peer: inet-unicast
NLRI for this session: inet-unicast
Peer supports Refresh capability (2)
Restart time configured on the peer: 120
Stale routes from peer are kept for: 300
Restart time requested by this peer: 120
NLRI that peer supports restart for: inet-unicast
NLRI that restart is negotiated for: inet-unicast
NLRI of received end-of-rib markers: inet-unicast
NLRI of all end-of-rib markers sent: inet-unicast
Peer supports 4 byte AS extension (peer-as 10)
Table R1.inet.0 Bit: 20000
RIB State: BGP restart is complete
RIB State: VPN restart is complete
Send state: in sync
Active prefixes: 0
Received prefixes: 0
Accepted prefixes: 0
Suppressed due to damping: 0
Advertised prefixes: 0
Last traffic (seconds): Received 21 Sent 12 Checked 12
Input messages: Total 15 Updates 1 Refreshes 0 Octets 329
Output messages: Total 16 Updates 0 Refreshes 0 Octets 367
Output Queue[1]: 0

Then after the BGP established, I will disable interface in R0 ge-0/0/0.0 then enable again. During enable interface ge-0/0/0.0 also capture traffic in R1 ge-0/0/1.0 use internal feature 'monitor traffic'.

#### Verify BGP Packet Capture
user@JunOS> monitor traffic interface ge-0/0/1
verbose output suppressed, use or for full protocol decode
Address resolution is ON. Use to avoid any reverse lookup delay.
Address resolution timeout is 4s.
Listening on ge-0/0/1, capture size 96 bytes

Reverse lookup for 172.16.1.11 failed (check DNS reachability).
Other reverse lookup failures will not be reported.
Use to avoid reverse lookups on IP addresses.

08:46:01.819936 Out IP truncated-ip - 4 bytes missing! 172.16.1.11.58976 > 172.16.1.10.bgp: S 1242851017:1242851017(0) win 16384
08:46:04.922312 Out IP truncated-ip - 4 bytes missing! 172.16.1.11.58976 > 172.16.1.10.bgp: S 1242851017:1242851017(0) win 16384
08:46:06.452115 In IP 172.16.1.10.51682 > 172.16.1.11.bgp: FP 3682718233:3682718254(21) ack 1992165605 win 16384 : BGP, length: 21
08:46:06.452337 Out IP 172.16.1.11.bgp > 172.16.1.10.51682: R 1992165605:1992165605(0) win 0
08:46:08.205122 Out IP truncated-ip - 4 bytes missing! 172.16.1.11.58976 > 172.16.1.10.bgp: S 1242851017:1242851017(0) win 16384
08:46:08.208571 In IP 172.16.1.10.bgp > 172.16.1.11.58976: S 376449534:376449534(0) ack 1242851018 win 16384
08:46:08.208894 Out IP 172.16.1.11.58976 > 172.16.1.10.bgp: . ack 1 win 17376
08:46:08.209875 Out IP truncated-ip - 51 bytes missing! 172.16.1.11.58976 > 172.16.1.10.bgp: P 1:60(59) ack 1 win 17376 : BGP, length: 59
08:46:08.217495 In IP 172.16.1.10.bgp > 172.16.1.11.58976: P 1:60(59) ack 60 win 16384 : BGP, length: 59
08:46:08.218170 Out IP truncated-ip - 11 bytes missing! 172.16.1.11.58976 > 172.16.1.10.bgp: P 60:79(19) ack 60 win 17317 : BGP, length: 19
08:46:08.238541 In IP 172.16.1.10.bgp > 172.16.1.11.58976: P 60:79(19) ack 79 win 16365 : BGP, length: 19
08:46:08.240109 Out IP truncated-ip - 11 bytes missing! 172.16.1.11.58976 > 172.16.1.10.bgp: P 79:98(19) ack 79 win 17298 : BGP, length: 19
08:46:08.258311 In IP 172.16.1.10.bgp > 172.16.1.11.58976: P 79:121(42) ack 98 win 16365 : BGP, length: 42
08:46:08.258629 Out IP truncated-ip - 15 bytes missing! 172.16.1.11.58976 > 172.16.1.10.bgp: P 98:121(23) ack 121 win 17256 : BGP, length: 23
08:46:08.365815 In IP 172.16.1.10.bgp > 172.16.1.11.58976: . ack 121 win 16384

08:46:35.063993 In IP 172.16.1.10.bgp > 172.16.1.11.58976: P 121:140(19) ack 121 win 16384 : BGP, length: 19
08:46:35.165828 Out IP 172.16.1.11.58976 > 172.16.1.10.bgp: . ack 140 win 17237
08:46:35.902168 Out IP truncated-ip - 11 bytes missing! 172.16.1.11.58976 > 172.16.1.10.bgp: P 121:140(19) ack 140 win 17237 : BGP, length: 19
08:46:36.006820 In IP 172.16.1.10.bgp > 172.16.1.11.58976: . ack 140 win 16384

^C
19 packets received by filter
0 packets dropped by kernel

user@JunOS> show bgp summary
Groups: 2 Peers: 2 Down peers: 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
172.16.1.10 10 443 449 0 1 56 Establ
R1.inet.0: 0/0/0/0
172.16.1.11 11 4 4 0 1 56 Establ
R0.inet.0: 0/0/0/0

Friday, September 20, 2013

Mini Lab OSPF with Juniper Virtual-Router

Good Friday, Today I will setup mini lab with one Juniper device. That is one reason why JunOS is cool, We can setup one Juniper router/firewall/switch for mini lab and create many scenario for practice and practice, That is cool .. yeah.

We can create so many simple scenario, like for find packet exchange between routing-protocols, test filter, create policy, and other features.

Before prepare and set configuration, connect physical cable between port/interface ge-0/0/0 and ge-0/0/1.

#### Simple Connectivity R0 and R1
#### R0
user@JunOS> show configuration routing-instances R0
instance-type virtual-router;
interface ge-0/0/0.0;

user@JunOS> show configuration interfaces ge-0/0/0
unit 0 {
description "to R1 ge-0/0/1";
family inet {
address 172.16.1.10/24;
}
}

#### R1
user@JunOS> show configuration routing-instances R1
instance-type virtual-router;
interface ge-0/0/1.0;

user@JunOS> show configuration interfaces ge-0/0/1
unit 0 {
description "to R0 ge-0/0/0";
family inet {
address 172.16.1.11/24;
}
}

#### Verify and Ping Test
user@JunOS> ping routing-instance R0 172.16.1.11 source 172.16.1.10 rapid
PING 172.16.1.11 (172.16.1.11): 56 data bytes
!!!!!
--- 172.16.1.11 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.709/3.806/5.937/1.107 ms

user@JunOS> ping routing-instance R1 172.16.1.10 source 172.16.1.11 rapid
PING 172.16.1.10 (172.16.1.10): 56 data bytes
!!!!!
--- 172.16.1.10 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 3.044/4.342/8.891/2.277 ms

user@JunOS> show arp
MAC Address Address Name Interface Flags
b0:c6:9a:xx:yy:zz 172.16.1.10 172.16.1.10 ge-0/0/1.0 none
b0:c6:9a:xx:yy:zz 172.16.1.11 172.16.1.11 ge-0/0/0.0 none
Total entries: 2

#### OSPF between R0 and R1
user@JunOS> configure
Entering configuration mode

[edit]
user@JunOS# set routing-instances R0 protocols ospf area 0.0.0.0 interface ge-0/0/0.0

[edit]
user@JunOS# set routing-instances R1 protocols ospf area 0.0.0.0 interface ge-0/0/1.0

[edit]
user@JunOS# show | compare
[edit routing-instances R0]
+ protocols {
+ ospf {
+ area 0.0.0.0 {
+ interface ge-0/0/0.0;
+ }
+ }
+ }
[edit routing-instances R1]
+ protocols {
+ ospf {
+ area 0.0.0.0 {
+ interface ge-0/0/1.0;
+ }
+ }
+ }

[edit]
user@JunOS# commit
commit complete

[edit]
user@JunOS#

#### Verify OSPF
user@JunOS> show ospf neighbor instance all
Instance: R0
Address Interface State ID Pri Dead
172.16.1.11 ge-0/0/0.0 Full 172.16.1.11 128 33

Instance: R1
Address Interface State ID Pri Dead
172.16.1.10 ge-0/0/1.0 Full 172.16.1.10 128 35

user@JunOS> show route table R0

R0.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

172.16.1.0/24 *[Direct/0] 00:14:12
> via ge-0/0/0.0
172.16.1.10/32 *[Local/0] 00:14:12
Local via ge-0/0/0.0
224.0.0.5/32 *[OSPF/10] 00:04:07, metric 1
MultiRecv

user@JunOS> show route table R1

R1.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

172.16.1.0/24 *[Direct/0] 00:14:23
> via ge-0/0/1.0
172.16.1.11/32 *[Local/0] 00:14:23
Local via ge-0/0/1.0
224.0.0.5/32 *[OSPF/10] 00:04:18, metric 1
MultiRecv

Monday, September 16, 2013

Firewall Juniper SRX Implicit Deny

This is note and tutorial how to configure smoothly firewall Juniper SRX.

Basicly Juniper SRX is same behaviour with other variant JunOS router and JunOS switch. But as firewall SRX have specific behaviour of security feature. To simple identify specific security feature is SRX have more config under security tree.

#### Juniper SRX Security tree

user@JunOSRX> configure
Entering configuration mode

[edit]
user@JunOSRX# set security ?
Possible completions:
> alg Configure ALG security options
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
> certificates X.509 certificate configuration
> dynamic-vpn Configure dynamic VPN
> firewall-authentication Firewall authentication parameters
> flow FLOW configuration
> forwarding-options Security-forwarding-options configuration
> ike IKE configuration
> ipsec IPSec configuration
> log Configure security log
> nat Configure Network Address Translation
> pki PKI service configuration
> policies Configure Network Security Policies
> resource-manager Configure resource manager security options
> screen Configure screen feature
> ssh-known-hosts SSH known host list
> traceoptions Network security daemon tracing options
> zones Zone configuration
[edit]
user@JunOSRX# exit
Exiting configuration mode

user@JunOSRX> show security ?
Possible completions:
alg Show ALG security services information
dynamic-policies Show security dynamic policies
dynamic-vpn Show Dynamic VPN Remote Access information
firewall-authentication Show firewall authentication tables, information
flow Show flow information
ike Show Internet Key Exchange information
ipsec Show IP Security information
monitoring Show security SPU monitoring information
nat Show Network Address Translation information
pki Show public-key infrastructure information
policies Show security firewall policies
resource-manager Show resource manager security services information
screen Show screen service information
zones Show security zone information
user@JunOSRX>

Due to SRX as firewall, it has strict rule for some configuration. The simple strict rule is implicit deny. By default all interface in Juniper SRX is implicit deny, that is mean all traffic is deny for ingress and egress. All interface is control under zone (or policy).

#### Example Set Physical Interface and Zone

user@JunOSRX> show configuration interfaces ge-0/0/1
unit 0 {
family inet {
address 172.16.0.1/24;
}
}

user@JunOSRX> show configuration security zones security-zone GE001
interfaces {
ge-0/0/1.0 {
host-inbound-traffic {
system-services {
all;
}
}
}
}

#### Example Set Logical Interface and Zone

user@JunOSRX> show configuration vlans VLAN7
vlan-id 7;
l3-interface vlan.7;

user@JunOSRX> show configuration interfaces fe-0/0/7
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members VLAN7;
}
}
}

user@JunOSRX> show configuration interfaces vlan unit 7
family inet {
address 172.16.0.7/24;
}

user@JunOSRX> show configuration security zones security-zone FE007
interfaces {
vlan.7 {
host-inbound-traffic {
system-services {
all;
}
}
}
}

Thank you :-)

Saturday, September 7, 2013

NTP Server on JunOS (Juniper Operating Sytem)

Several days ago, I have posted about use 'set date ntp' for set date time on JunOS. This intruction is set date time on JunOS, use NTP server and time-zone.

#### Set NTP server and Time-zone

user@JunOS> show configuration | match ntp | display set
set system ntp server 192.168.2.2

user@JunOS> show configuration | match time | display set
set system time-zone Asia/Jakarta

#### Verify and failed 'write to localhost failed: No route to host'

user@JunOS> show ntp status
/usr/bin/ntpq: write to localhost failed: No route to host

user@JunOS> show ntp associations
/usr/bin/ntpq: write to localhost failed: No route to host

#### Solve it
#### 1. add 127.0.0.1 in lo0
#### 2. set static localhost to 127.0.0.1 (optional)

[edit]
user@JunOS# show | compare
[edit system]
+ static-host-mapping {
+ localhost inet 127.0.0.1;
+ }
[edit interfaces]
+ lo0 {
+ unit 0 {
+ family inet {
+ address 127.0.0.1/32;
+ }
+ }
+ }

#### Verify

user@JunOS> show ntp status
status=c011 sync_alarm, sync_unspec, 1 event, event_restart,
version="ntpd 4.2.0-a Tue Nov 3 09:45:49 UTC 2009 (1)",
processor="mips", system="JUNOS10.0R1.8", leap=11, stratum=16,
precision=-17, rootdelay=0.000, rootdispersion=0.315, peer=0,
refid=INIT, reftime=00000000.00000000 Thu, Feb 7 2036 13:28:16.000,
poll=4, clock=d5d2d4d5.dd5c7319 Thu, Sep 5 2013 17:00:53.864, state=1,
offset=0.000, frequency=0.000, jitter=0.008, stability=0.000

user@JunOS> show ntp associations
remote refid st t when poll reach delay offset jitter
==============================================================================
192.168.2.2 .INIT. 16 - 3 64 0 0.000 0.000 4000.00

The last thing, adjust your devices time, make sure it's accurate.
Happy weekend.

Ref.
Set Date Time on Cisco Router
Set Date Time on JunOS (Juniper Operating Sytem)

Friday, September 6, 2013

Juniper Packet Capture like TCPdump (monitor traffic)

Now, the demo of packet capture like TCPdump in Juniper JunOS. It is possible to gather packet a tcpdump-format. With 'monitor traffic' command you can capture packet same as with TCPdump realtime in your session remote (console, ssh, telnet). To write into file use hidden command 'monitor traffic write-file'. The file will be save in /var partition and can display into TCPdump ASCII format using 'monitor traffic read-file'. These commands are hidden due to concerns writing large files to the /var partition, causing a lack of disk space and performance.

#### Show real-time network traffic information

user@JunOS> monitor traffic interface ge-0/0/0
verbose output suppressed, use or for full protocol decode
Address resolution is ON. Use to avoid any reverse lookup delay.
Address resolution timeout is 4s.
Listening on ge-0/0/0, capture size 96 bytes

Reverse lookup for 192.168.2.1 failed (check DNS reachability).
Other reverse lookup failures will not be reported.
Use to avoid reverse lookups on IP addresses.

05:24:12.925727 In arp who-has 192.168.2.1 tell 192.168.2.2
05:24:12.925845 Out arp reply 192.168.2.1 is-at b0:c6:9a:88:bc:0
05:24:12.926047 In arp who-has 192.168.2.1 tell 192.168.2.2
05:24:12.926130 Out arp reply 192.168.2.1 is-at b0:c6:9a:88:bc:0
05:24:13.466718 Out IP truncated-ip - 10 bytes missing! 192.168.2.1.61206 > resolver1.opendns.com.domain: 2417]
05:24:13.548233 In IP resolver1.opendns.com.domain > 192.168.2.1.61206: 2417* 0/1/0 (101)
05:24:13.553227 Out IP truncated-ip - 10 bytes missing! 192.168.2.1.65054 > resolver1.opendns.com.domain: 2418]
05:24:13.631229 In IP resolver1.opendns.com.domain > 192.168.2.1.65054: 2418* 0/1/0 (101)
05:24:14.657429 Out IP truncated-ip - 13 bytes missing! 192.168.2.1.54908 > resolver1.opendns.com.domain: 2419]
05:24:14.741374 In IP resolver1.opendns.com.domain > 192.168.2.1.54908: 2419 1/0/0 (80)
^C
10 packets received by filter
0 packets dropped by kernel

#### Capture and save real-time packet traffic

user@JunOS> monitor traffic interface ge-0/0/0 write-file GE000
Address resolution is ON. Use to avoid any reverse lookup delay.
Address resolution timeout is 4s.
Listening on ge-0/0/0, capture size 96 bytes

^C
123 packets received by filter
0 packets dropped by kernel

#### File save at /var partition

user@JunOS> file list detail

/var/home/user/:
total 40
drwxr-xr-x 2 user staff 512 Sep 6 05:14 .ssh/
-rw-r--r-- 1 user staff 12946 Sep 6 05:19 GE000

#### Download and rename the file to GE000.pcap for easy open

#### Display TCPdump ASCII format packet traffic from file

user@JunOS> monitor traffic read-file GE000
Reverse lookup for 192.168.2.1 failed (check DNS reachability).
Other reverse lookup failures will not be reported.
Use to avoid reverse lookups on IP addresses.

05:18:39.789704 In arp who-has 192.168.2.1 tell 192.168.2.2
05:18:39.789824 Out arp reply 192.168.2.1 is-at b0:c6:9a:88:bc:0
05:18:39.790066 In arp who-has 192.168.2.1 tell 192.168.2.2
05:18:39.790142 Out arp reply 192.168.2.1 is-at b0:c6:9a:88:bc:0
05:18:48.860994 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: S 2260686473:2260686473(0) win 14600
05:18:48.861399 Out IP truncated-ip - 4 bytes missing! 192.168.2.1.ssh > 192.168.2.2.54091: S 3351285066:3351285066(0) ack 2260686474 win 65535
05:18:48.863352 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: . ack 1 win 229
05:18:49.585193 Out IP truncated-ip - 13 bytes missing! 192.168.2.1.ssh > 192.168.2.2.54091: P 1:22(21) ack 1 win 33304
05:18:49.587609 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: . ack 22 win 229
05:18:49.587958 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: P 1:33(32) ack 22 win 229
05:18:49.607246 Out IP truncated-ip - 664 bytes missing! 192.168.2.1.ssh > 192.168.2.2.54091: P 22:694(672) ack 33 win 33304
05:18:49.609655 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: P 33:1305(1272) ack 694 win 274
05:18:49.711867 Out IP 192.168.2.1.ssh > 192.168.2.2.54091: . ack 1305 win 33304
05:18:49.719612 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: P 1305:1577(272) ack 694 win 274
05:18:49.821451 Out IP 192.168.2.1.ssh > 192.168.2.2.54091: . ack 1577 win 33304
05:18:50.183006 Out IP truncated-ip - 840 bytes missing! 192.168.2.1.ssh > 192.168.2.2.54091: P 694:1542(848) ack 1577 win 33304
05:18:50.222911 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: . ack 1542 win 319
05:18:50.225260 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: P 1577:1593(16) ack 1542 win 319
05:18:50.327305 Out IP 192.168.2.1.ssh > 192.168.2.2.54091: . ack 1593 win 33304
05:18:50.329381 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: P 1593:1641(48) ack 1542 win 319
05:18:50.330990 Out IP truncated-ip - 40 bytes missing! 192.168.2.1.ssh > 192.168.2.2.54091: P 1542:1590(48) ack 1641 win 33304
05:18:50.333051 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: . ack 1590 win 319
05:18:50.334057 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: P 1641:1705(64) ack 1590 win 319
05:18:50.349270 Out IP truncated-ip - 72 bytes missing! 192.168.2.1.ssh > 192.168.2.2.54091: P 1590:1670(80) ack 1705 win 33304
05:18:50.351785 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: P 1705:1801(96) ack 1670 win 319
05:18:50.354383 Out IP truncated-ip - 72 bytes missing! 192.168.2.1.ssh > 192.168.2.2.54091: P 1670:1750(80) ack 1801 win 33304
05:18:50.392789 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: . ack 1750 win 319
05:18:52.847791 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: P 1801:1945(144) ack 1750 win 319
05:18:52.858921 Out IP truncated-ip - 24 bytes missing! 192.168.2.1.ssh > 192.168.2.2.54091: P 1750:1782(32) ack 1945 win 33304
05:18:52.860991 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: . ack 1782 win 319
05:18:52.861950 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: P 1945:2009(64) ack 1782 win 319
05:18:52.878068 Out IP truncated-ip - 40 bytes missing! 192.168.2.1.ssh > 192.168.2.2.54091: P 1782:1830(48) ack 2009 win 33304
05:18:52.881020 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: P 2009:2521(512) ack 1830 win 319
05:18:52.893289 Out IP truncated-ip - 104 bytes missing! 192.168.2.1.ssh > 192.168.2.2.54091: P 1830:1942(112) ack 2521 win 33304
05:18:52.906101 Out IP truncated-ip - 88 bytes missing! 192.168.2.1.ssh > 192.168.2.2.54091: P 1942:2038(96) ack 2521 win 33304
05:18:52.908097 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: . ack 2038 win 319
05:18:53.628505 Out IP truncated-ip - 40 bytes missing! 192.168.2.1.ssh > 192.168.2.2.54091: P 2038:2086(48) ack 2521 win 33304
05:18:53.662747 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: . ack 2086 win 319
05:18:54.515455 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: P 2521:2569(48) ack 2086 win 319
05:18:54.519759 Out IP truncated-ip - 40 bytes missing! 192.168.2.1.ssh > 192.168.2.2.54091: P 2086:2134(48) ack 2569 win 33304
05:18:54.521963 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: . ack 2134 win 319
05:18:54.523145 Out IP truncated-ip - 40 bytes missing! 192.168.2.1.ssh > 192.168.2.2.54091: P 2134:2182(48) ack 2569 win 33304
05:18:54.524950 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: . ack 2182 win 319
05:18:54.526354 Out IP truncated-ip - 40 bytes missing! 192.168.2.1.ssh > 192.168.2.2.54091: P 2182:2230(48) ack 2569 win 33304
05:18:54.534863 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: . ack 2230 win 319
05:18:55.161062 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: P 2569:2617(48) ack 2230 win 319
05:18:55.162720 Out IP truncated-ip - 40 bytes missing! 192.168.2.1.ssh > 192.168.2.2.54091: P 2230:2278(48) ack 2617 win 33304
05:18:55.164984 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: . ack 2278 win 319
05:18:55.271291 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: P 2617:2665(48) ack 2278 win 319
05:18:55.272852 Out IP truncated-ip - 40 bytes missing! 192.168.2.1.ssh > 192.168.2.2.54091: P 2278:2326(48) ack 2665 win 33304
05:18:55.274950 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: . ack 2326 win 319
05:18:55.439346 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: P 2665:2713(48) ack 2326 win 319
05:18:55.441130 Out IP truncated-ip - 40 bytes missing! 192.168.2.1.ssh > 192.168.2.2.54091: P 2326:2374(48) ack 2713 win 33304
05:18:55.443187 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: . ack 2374 win 319
05:18:55.615082 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: P 2713:2761(48) ack 2374 win 319
05:18:55.620381 Out IP truncated-ip - 40 bytes missing! 192.168.2.1.ssh > 192.168.2.2.54091: P 2374:2422(48) ack 2761 win 33304
05:18:55.622860 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: . ack 2422 win 319
05:18:55.945081 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: P 2761:2809(48) ack 2422 win 319
05:18:55.947109 Out IP truncated-ip - 40 bytes missing! 192.168.2.1.ssh > 192.168.2.2.54091: P 2422:2470(48) ack 2809 win 33304
05:18:55.948743 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: . ack 2470 win 319
05:18:56.087113 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: P 2809:2857(48) ack 2470 win 319
05:18:56.088908 Out IP truncated-ip - 40 bytes missing! 192.168.2.1.ssh > 192.168.2.2.54091: P 2470:2518(48) ack 2857 win 33304
05:18:56.090994 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: . ack 2518 win 319
05:18:56.228964 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: P 2857:2905(48) ack 2518 win 319
05:18:56.238439 Out IP truncated-ip - 40 bytes missing! 192.168.2.1.ssh > 192.168.2.2.54091: P 2518:2566(48) ack 2905 win 33304
05:18:56.240500 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: . ack 2566 win 319
05:18:56.617310 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: P 2905:2953(48) ack 2566 win 319
05:18:56.619017 Out IP truncated-ip - 40 bytes missing! 192.168.2.1.ssh > 192.168.2.2.54091: P 2566:2614(48) ack 2953 win 33304
05:18:56.621140 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: . ack 2614 win 319
05:18:56.724604 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: P 2953:3001(48) ack 2614 win 319
05:18:56.726683 Out IP truncated-ip - 40 bytes missing! 192.168.2.1.ssh > 192.168.2.2.54091: P 2614:2662(48) ack 3001 win 33304
05:18:56.734494 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: . ack 2662 win 319
05:18:56.790282 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: P 3001:3049(48) ack 2662 win 319
05:18:56.792131 Out IP truncated-ip - 40 bytes missing! 192.168.2.1.ssh > 192.168.2.2.54091: P 2662:2710(48) ack 3049 win 33304
05:18:56.794314 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: . ack 2710 win 319
05:18:56.871488 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: P 3049:3097(48) ack 2710 win 319
05:18:56.873043 Out IP truncated-ip - 40 bytes missing! 192.168.2.1.ssh > 192.168.2.2.54091: P 2710:2758(48) ack 3097 win 33304
05:18:56.875460 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: . ack 2758 win 319
05:18:56.999019 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: P 3097:3145(48) ack 2758 win 319
05:18:57.008729 Out IP truncated-ip - 40 bytes missing! 192.168.2.1.ssh > 192.168.2.2.54091: P 2758:2806(48) ack 3145 win 33304
05:18:57.010786 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: . ack 2806 win 319
05:18:57.014512 Out IP truncated-ip - 40 bytes missing! 192.168.2.1.ssh > 192.168.2.2.54091: P 2806:2854(48) ack 3145 win 33304
05:18:57.016499 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: . ack 2854 win 319
05:18:57.069738 Out IP truncated-ip - 10 bytes missing! 192.168.2.1.50043 > resolver1.opendns.com.domain: 50735+[|domain]
05:18:57.153962 In IP resolver1.opendns.com.domain > 192.168.2.1.50043: 50735* 0/1/0 (101)
05:18:57.167438 Out IP truncated-ip - 88 bytes missing! 192.168.2.1.ssh > 192.168.2.2.54091: P 2854:2950(96) ack 3145 win 33304
05:18:57.169605 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: . ack 2950 win 319
05:18:57.172397 Out IP truncated-ip - 184 bytes missing! 192.168.2.1.ssh > 192.168.2.2.54091: P 2950:3142(192) ack 3145 win 33304
05:18:57.174411 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: . ack 3142 win 346
05:18:57.323085 Out IP truncated-ip - 120 bytes missing! 192.168.2.1.ssh > 192.168.2.2.54091: P 3142:3270(128) ack 3145 win 33304
05:18:57.325114 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: . ack 3270 win 372
05:18:57.326457 Out IP truncated-ip - 40 bytes missing! 192.168.2.1.ssh > 192.168.2.2.54091: P 3270:3318(48) ack 3145 win 33304
05:18:57.328881 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: . ack 3318 win 372
05:18:57.330019 Out IP truncated-ip - 40 bytes missing! 192.168.2.1.ssh > 192.168.2.2.54091: P 3318:3366(48) ack 3145 win 33304
05:18:57.332024 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: . ack 3366 win 372
05:18:58.537156 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: P 3145:3193(48) ack 3366 win 372
05:18:58.538923 Out IP truncated-ip - 40 bytes missing! 192.168.2.1.ssh > 192.168.2.2.54091: P 3366:3414(48) ack 3193 win 33304
05:18:58.540886 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: . ack 3414 win 372
05:18:58.879534 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: P 3193:3241(48) ack 3414 win 372
05:18:58.881627 Out IP truncated-ip - 40 bytes missing! 192.168.2.1.ssh > 192.168.2.2.54091: P 3414:3462(48) ack 3241 win 33304
05:18:58.883659 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: . ack 3462 win 372
05:18:59.029543 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: P 3241:3289(48) ack 3462 win 372
05:18:59.031534 Out IP truncated-ip - 40 bytes missing! 192.168.2.1.ssh > 192.168.2.2.54091: P 3462:3510(48) ack 3289 win 33304
05:18:59.033547 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: . ack 3510 win 372
05:18:59.223213 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: P 3289:3337(48) ack 3510 win 372
05:18:59.225076 Out IP truncated-ip - 40 bytes missing! 192.168.2.1.ssh > 192.168.2.2.54091: P 3510:3558(48) ack 3337 win 33304
05:18:59.227292 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: . ack 3558 win 372
05:18:59.359297 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: P 3337:3385(48) ack 3558 win 372
05:18:59.366296 Out IP truncated-ip - 40 bytes missing! 192.168.2.1.ssh > 192.168.2.2.54091: P 3558:3606(48) ack 3385 win 33304
05:18:59.371670 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: . ack 3606 win 372
05:18:59.380601 Out IP truncated-ip - 40 bytes missing! 192.168.2.1.ssh > 192.168.2.2.54091: P 3606:3654(48) ack 3385 win 33304
05:18:59.400950 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: . ack 3654 win 372
05:18:59.403784 Out IP truncated-ip - 104 bytes missing! 192.168.2.1.ssh > 192.168.2.2.54091: P 3654:3766(112) ack 3385 win 33304
05:18:59.404299 Out IP truncated-ip - 56 bytes missing! 192.168.2.1.ssh > 192.168.2.2.54091: P 3766:3830(64) ack 3385 win 33304
05:18:59.407265 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: . ack 3766 win 372
05:18:59.407722 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: . ack 3830 win 372
05:18:59.408015 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: P 3385:3417(32) ack 3830 win 372
05:18:59.409197 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: P 3417:3481(64) ack 3830 win 372
05:18:59.409426 Out IP 192.168.2.1.ssh > 192.168.2.2.54091: . ack 3481 win 33256
05:18:59.413096 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: F 3481:3481(0) ack 3830 win 372
05:18:59.413348 Out IP 192.168.2.1.ssh > 192.168.2.2.54091: . ack 3482 win 33304
05:18:59.415694 Out IP 192.168.2.1.ssh > 192.168.2.2.54091: F 3830:3830(0) ack 3482 win 33304
05:18:59.426199 In IP 192.168.2.2.54091 > 192.168.2.1.ssh: . ack 3831 win 372

user@JunOS>

awa Network