check all interface traffic summary
> monitor interface traffic
Bytes=b, Clear=c, Delta=d, Packets=p, Quit=q or ESC, Rate=r, Up=^U, Down=^D
Interface    Link  Input packets  (pps)  Output packets  (pps)
 ge-0/0/0    Down              0    (0)               0    (0)
 gr-0/0/0      Up              0    (0)               0    (0)
 ip-0/0/0      Up              0    (0)               0    (0)
 lsq-0/0/0     Up              0    (0)               0    (0)
 lt-0/0/0      Up              0    (0)               0    (0)
 mt-0/0/0      Up              0    (0)               0    (0)
 sp-0/0/0      Up              0    (0)               0    (0)
 ge-0/0/1    Down              0    (0)               0    (0)
(snip)
Only packets sent from SRX can be captured
> monitor traffic interface vlan.10
> monitor traffic interface ge-0/0/0.0
> monitor traffic interface vlan.10 matching "host 192.168.0.1 && udp && port 9997"

> monitor traffic interface ge-0/0/0.0 write-file test.pcap
> monitor traffic read-file test.pcap
Only packets sent from SRX can be captured
> start shell user root
% whoami
root
or
> start shell
% su
% whoami
root

% tcpdump -i ge-0/0/0
% tcpdump -i vlan.199
% tcpdump -r /var/tmp/test-cap
% tcpdump -n host 192.168.0.1 and udp and port 9997
delete system syslog file
set system syslog file traffic-log any any
set system syslog file traffic-log match "RT_FLOW_SESSION"
set security policies from-zone XXX to-zone XXX policy XXXX match source-address XXXXX
set security policies from-zone XXX to-zone XXX policy XXXX match destination-address XXXXX
set security policies from-zone XXX to-zone XXX policy XXXX match application XXXX
set security policies from-zone XXX to-zone XXX policy XXXX then permit
set security policies from-zone XXX to-zone XXX policy XXXX then log session-init
set security policies from-zone XXX to-zone XXX policy XXXX then log session-close

commit confirmed    <- 10 minutes

> show log /var/log/traffic-log
> show log /var/log/traffic-log | last 100

> start shell
% su
Password:
% cd /var/log
% tail -f traffic-log
Juniper Junos CLI Commands(SRX/QFX/EX)