
How can I use monitor traffic to show only In packets on a Juniper EX480?

Network Engineering user
Asked on 2019-06-21 11:33:24
Answers 1, Views 827, Followers 0, Votes 4

I use the monitor traffic tool:

run monitor traffic interface ae16:

19:04:52.820205 Out arp who-has 16.23.40.133 tell 16.23.40.134              
19:04:52.820210 Out arp who-has 43.243.33.66 tell 43.243.33.70                  
19:04:52.820216 Out arp who-has 16.23.40.45 tell 16.23.40.46                
19:04:52.820243 Out arp who-has 16.23.40.242 tell 16.23.40.246              
19:04:52.820250 Out arp who-has 16.23.43.199 tell 16.23.43.222              
19:04:52.820256 Out arp who-has 43.243.33.204 tell 43.243.33.206                
19:04:52.820261 Out arp who-has 16.23.43.121 tell 16.23.43.126              
19:04:52.820266 Out arp who-has 16.23.42.27 tell 16.23.42.254               
19:04:52.820270 Out arp who-has 16.23.42.18 tell 16.23.42.254               
19:04:52.820276 Out arp who-has 16.23.40.245 tell 16.23.40.246              
19:04:52.820281 Out arp who-has 16.23.42.220 tell 16.23.42.254              
19:04:52.820301 Out arp who-has 16.23.40.60 tell 16.23.40.62                
19:04:52.820307 Out arp who-has 16.23.41.209 tell 16.23.41.214              
19:04:52.820312 Out arp who-has 16.23.42.217 tell 16.23.42.254              
19:04:52.822060 Out arp who-has 16.23.41.181 tell 16.23.41.182              
19:04:52.854163 Out arp who-has 16.23.41.129 tell 16.23.41.134
....


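There are a lot of Out packets, and I only want to show the In direction packets. How can I do that with monitor traffic?

1 Answer

Network Engineering user

Accepted answer

Posted on 2019-11-22 14:18:52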

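Juniper's monitor traffic command has the same functionality as tcpdump, so you can build custom filters to fit what you want to see.

Below you can see inbound and outbound traffic for IP, IPv6 and ISO/CLNS (IS-IS).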

jhead@vmx1# run monitor traffic interface ge-0/0/0 no-resolve
verbose output suppressed, use <detail> or <extensive> for full protocol decode
Address resolution is OFF.
Listening on ge-0/0/0, capture size 96 bytes

06:14:40.613070  In IS-IS, p2p IIH, src-id 0168.0000.0003, length 57
06:14:40.633073  In IP 192.168.0.3.49152 > 192.168.0.1.4784: BFDv1, Multi-hop Control, State Up, Flags: [Authentication Present], length: 44
06:14:40.901500 Out IS-IS, p2p IIH, src-id 0168.0000.0001, length 57
06:14:41.282872  In IP6 2001:db8:3000::3.49152 > 2001:db8:3000::1.4784: [|BFD]
06:14:41.462494  In IS-IS, p2p IIH, src-id 0168.0000.0003, length 57
06:14:41.841509 Out IS-IS, p2p IIH, src-id 0168.0000.0001, length 57
06:14:41.881561 Out IP6 truncated-ip6 - 32 bytes missing!2001:db8:3000::1.49152 > 2001:db8:3000::3.4784: [|BFD]

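To see inbound traffic only, use the matching keyword, which lets you build the same filters you would use in tcpdump or Wireshark. In this case that is the inbound filter, and we will also match only IP traffic.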

jhead@vmx1# run monitor traffic interface ge-0/0/0 no-resolve matching "inbound && ip"
verbose output suppressed, use <detail> or <extensive> for full protocol decode
Address resolution is OFF.
Listening on ge-0/0/0, capture size 96 bytes

06:17:01.931758  In IP 192.168.0.3.49152 > 192.168.0.1.4784: BFDv1, Multi-hop Control, State Up, Flags: [Authentication Present], length: 44
06:17:02.202380  In IP 192.168.0.3.55330 > 192.168.0.1.179: . ack 3564494504 win 16384 <nop,nop,timestamp 25559251 25558745>
06:17:03.711791  In IP 192.168.0.3.49152 > 192.168.0.1.4784: BFDv1, Multi-hop Control, State Up, Flags: [Authentication Present], length: 44
06:17:05.431838  In IP 192.168.0.3.49152 > 192.168.0.1.4784: BFDv1, Multi-hop Control, State Up, Flags: [Authentication Present], length: 44
Votes 1
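
Added example, not part of the original answer: when monitor traffic output has already been saved as text without a matching filter, the In/Out column can be split offline. The function names and the SAMPLE text (built from lines shown on this page) are constructed for illustration.

```python
import re
from collections import Counter

# timestamp, direction column (In/Out), then the decoded packet summary
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{6})\s+(In|Out)\s+(.*\S)\s*$")

# Constructed sample: lines copied from the outputs shown on this page,
# including banner lines that a saved capture would also contain.
SAMPLE = """\
verbose output suppressed, use <detail> or <extensive> for full protocol decode
Address resolution is OFF.
Listening on ge-0/0/0, capture size 96 bytes

06:14:40.613070  In IS-IS, p2p IIH, src-id 0168.0000.0003, length 57
06:14:40.633073  In IP 192.168.0.3.49152 > 192.168.0.1.4784: BFDv1, Multi-hop Control, State Up, Flags: [Authentication Present], length: 44
06:14:40.901500 Out IS-IS, p2p IIH, src-id 0168.0000.0001, length 57
06:14:41.282872  In IP6 2001:db8:3000::3.49152 > 2001:db8:3000::1.4784: [|BFD]
06:14:41.881561 Out IP6 truncated-ip6 - 32 bytes missing!2001:db8:3000::1.49152 > 2001:db8:3000::3.4784: [|BFD]
19:04:52.820205 Out arp who-has 16.23.40.133 tell 16.23.40.134
"""

def parse(text):
    """Yield (timestamp, direction, protocol, summary) for each packet line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # banner, blank line or "...." marker
        ts, direction, summary = m.groups()
        # first token names the protocol: "IS-IS," -> "IS-IS", "arp" -> "ARP"
        proto = summary.split()[0].rstrip(",").upper()
        yield ts, direction, proto, summary

def only(text, direction="In", proto=None):
    """Return packet lines in one direction, optionally one protocol."""
    return [r for r in parse(text)
            if r[1] == direction and (proto is None or r[2] == proto)]

def totals(text):
    """Count packets per (direction, protocol)."""
    return Counter((d, p) for _, d, p, _ in parse(text))

if __name__ == "__main__":
    for ts, d, p, summary in only(SAMPLE, "In"):
        print(ts, d, summary)
    print(dict(totals(SAMPLE)))
```
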
Original page content provided by Network Engineering. Translation support provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link:

https://networkengineering.stackexchange.com/questions/59962
