How do I show only In packets with monitor traffic on a Juniper EX480?

network-engineering juniper
2021-07-31 04:06:51

I am using the monitor traffic tool:

Command: run monitor traffic interface ae16

19:04:52.820205 Out arp who-has 16.23.40.133 tell 16.23.40.134              
19:04:52.820210 Out arp who-has 43.243.33.66 tell 43.243.33.70                  
19:04:52.820216 Out arp who-has 16.23.40.45 tell 16.23.40.46                
19:04:52.820243 Out arp who-has 16.23.40.242 tell 16.23.40.246              
19:04:52.820250 Out arp who-has 16.23.43.199 tell 16.23.43.222              
19:04:52.820256 Out arp who-has 43.243.33.204 tell 43.243.33.206                
19:04:52.820261 Out arp who-has 16.23.43.121 tell 16.23.43.126              
19:04:52.820266 Out arp who-has 16.23.42.27 tell 16.23.42.254               
19:04:52.820270 Out arp who-has 16.23.42.18 tell 16.23.42.254               
19:04:52.820276 Out arp who-has 16.23.40.245 tell 16.23.40.246              
19:04:52.820281 Out arp who-has 16.23.42.220 tell 16.23.42.254              
19:04:52.820301 Out arp who-has 16.23.40.60 tell 16.23.40.62                
19:04:52.820307 Out arp who-has 16.23.41.209 tell 16.23.41.214              
19:04:52.820312 Out arp who-has 16.23.42.217 tell 16.23.42.254              
19:04:52.822060 Out arp who-has 16.23.41.181 tell 16.23.41.182              
19:04:52.854163 Out arp who-has 16.23.41.129 tell 16.23.41.134
....

There are a lot of Out packets. I only want to show packets in the In direction; how do I do that with the monitor traffic tool?

1 Answer

Juniper's monitor traffic command has the same functionality as tcpdump, so you can build custom filters to suit what you want to see.

Below you can see inbound and outbound traffic for IP, IPv6 and ISO/CLNS (IS-IS).

jhead@vmx1# run monitor traffic interface ge-0/0/0 no-resolve
verbose output suppressed, use <detail> or <extensive> for full protocol decode
Address resolution is OFF.
Listening on ge-0/0/0, capture size 96 bytes

06:14:40.613070  In IS-IS, p2p IIH, src-id 0168.0000.0003, length 57
06:14:40.633073  In IP 192.168.0.3.49152 > 192.168.0.1.4784: BFDv1, Multi-hop Control, State Up, Flags: [Authentication Present], length: 44
06:14:40.901500 Out IS-IS, p2p IIH, src-id 0168.0000.0001, length 57
06:14:41.282872  In IP6 2001:db8:3000::3.49152 > 2001:db8:3000::1.4784: [|BFD]
06:14:41.462494  In IS-IS, p2p IIH, src-id 0168.0000.0003, length 57
06:14:41.841509 Out IS-IS, p2p IIH, src-id 0168.0000.0001, length 57
06:14:41.881561 Out IP6 truncated-ip6 - 32 bytes missing!2001:db8:3000::1.49152 > 2001:db8:3000::3.4784: [|BFD]

To see only inbound traffic, use the matching keyword, which lets you build the same filter you would use in tcpdump or wireshark. In this case that is the inbound filter, and we will also match only IP traffic.

jhead@vmx1# run monitor traffic interface ge-0/0/0 no-resolve matching "inbound && ip"
verbose output suppressed, use <detail> or <extensive> for full protocol decode
Address resolution is OFF.
Listening on ge-0/0/0, capture size 96 bytes

06:17:01.931758  In IP 192.168.0.3.49152 > 192.168.0.1.4784: BFDv1, Multi-hop Control, State Up, Flags: [Authentication Present], length: 44
06:17:02.202380  In IP 192.168.0.3.55330 > 192.168.0.1.179: . ack 3564494504 win 16384 <nop,nop,timestamp 25559251 25558745>
06:17:03.711791  In IP 192.168.0.3.49152 > 192.168.0.1.4784: BFDv1, Multi-hop Control, State Up, Flags: [Authentication Present], length: 44
06:17:05.431838  In IP 192.168.0.3.49152 > 192.168.0.1.4784: BFDv1, Multi-hop Control, State Up, Flags: [Authentication Present], length: 44
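As an added example (not part of the answer above, and not Juniper's code), the following Python script does two things a practitioner often needs when a capture is swamped by one direction or one protocol: it parses `monitor traffic` output lines offline and filters them by direction (In/Out) and protocol token, and it assembles the equivalent `matching` expression to apply on the box next time. The sample capture is constructed here in the format shown on this page; the `build_matching` helper assumes the protocol names you give it (arp, ip, ip6) are valid pcap primitives, which those three are.

```python
import re
from collections import Counter

# Constructed sample in the format printed by Junos `monitor traffic`,
# modelled on the lines shown in the question and answer above.
SAMPLE = """\
verbose output suppressed, use <detail> or <extensive> for full protocol decode
Address resolution is OFF.
Listening on ae16, capture size 96 bytes

19:04:52.820205 Out arp who-has 16.23.40.133 tell 16.23.40.134
19:04:52.820210 Out arp who-has 43.243.33.66 tell 43.243.33.70
06:14:40.613070  In IS-IS, p2p IIH, src-id 0168.0000.0003, length 57
06:14:40.633073  In IP 192.168.0.3.49152 > 192.168.0.1.4784: BFDv1, Multi-hop Control, State Up, Flags: [Authentication Present], length: 44
06:14:40.901500 Out IS-IS, p2p IIH, src-id 0168.0000.0001, length 57
06:14:41.282872  In IP6 2001:db8:3000::3.49152 > 2001:db8:3000::1.4784: [|BFD]
06:17:02.202380  In IP 192.168.0.3.55330 > 192.168.0.1.179: . ack 3564494504 win 16384 <nop,nop,timestamp 25559251 25558745>
"""

# One capture line: timestamp, In/Out, protocol token, remainder of the decode.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<dir>In|Out)\s+"
    r"(?P<proto>[A-Za-z0-9-]+),?\s+(?P<rest>.*)$"
)


def parse_line(line):
    """Return a dict for a packet line, or None for header/blank lines."""
    m = LINE_RE.match(line.rstrip())
    if not m:
        return None
    d = m.groupdict()
    d["proto"] = d["proto"].lower()  # arp, ip, ip6, is-is
    return d


def parse_capture(text):
    return [p for p in (parse_line(l) for l in text.splitlines()) if p]


def filter_packets(text, direction=None, protocols=None, exclude=None):
    """Offline equivalent of a `matching` filter: keep packets by direction,
    by a set of protocol tokens, and/or minus an excluded set."""
    kept = []
    for p in parse_capture(text):
        if direction and p["dir"] != direction:
            continue
        if protocols and p["proto"] not in protocols:
            continue
        if exclude and p["proto"] in exclude:
            continue
        kept.append(p)
    return kept


def summarize(text):
    """Count packets per (direction, protocol), to see what is flooding a
    capture before choosing a filter."""
    return Counter((p["dir"], p["proto"]) for p in parse_capture(text))


DIRECTION_KEYWORD = {"In": "inbound", "Out": "outbound"}


def build_matching(direction=None, protocols=None, exclude=None):
    """Assemble a tcpdump-style expression for `monitor traffic ... matching`.
    Assumes the protocol names are valid pcap primitives (arp, ip, ip6, ...)."""
    terms = []
    if direction:
        terms.append(DIRECTION_KEYWORD[direction])
    if protocols:
        protos = list(protocols)
        terms.append(protos[0] if len(protos) == 1 else "(" + " || ".join(protos) + ")")
    if exclude:
        terms.extend("not " + p for p in exclude)
    return " && ".join(terms)


if __name__ == "__main__":
    for (d, proto), n in summarize(SAMPLE).most_common():
        print(f"{d:>3} {proto:<6} {n}")
    print("inbound IP only:", [p["ts"] for p in filter_packets(SAMPLE, "In", {"ip"})])
    print("filter to use on the box:", build_matching("In", exclude=["arp"]))
```

Run it against a pasted capture to see which (direction, protocol) pair dominates, then use the printed expression with `run monitor traffic interface <ifname> matching "..."`; for the ARP flood in the question, `inbound && not arp` keeps the inbound view without the outbound ARP noise.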