Hi, I'm trying to capture unicast traffic from a subinterface on an m10i router running 8.0 code.
Started out with a "start shell user root" and then ran a 'tcpdump -c 1000 -nvi ge-0/3/0.694 -w /var/tmp/test.log' And it kind of worked, but only caught slow path traffic destined to the cpu exactly like a monitor command. Can anybody tell me how to catch the unicast traffic with an IP host filter? I've tried: 'tcpdump -c 1000 -nvi ge-0/3/0 host 10.66.94.35 -w /var/tmp/test.log' 'tcpdump -c 1000 -nvi ge-0/3/0 ip host 10.66.94.35 -w /var/tmp/test.log' 'tcpdump -c 1000 -nvi ge-0/3/0.694 host 10.66.94.35 -w /var/tmp/test.log' 'tcpdump -c 1000 -nvi ge-0/3/0.694 ip host 10.66.94.35 -w /var/tmp/test.log' 'tcpdump -c 1000 -nvi ge-0/3/0 'host 10.66.94.35' -w /var/tmp/test.log' 'tcpdump -c 1000 -nvi ge-0/3/0.694 'host 10.66.94.35' -w /var/tmp/test.log' 'tcpdump -c 1000 -i ge-0/3/0 'host 10.66.94.35' -w /var/tmp/test.log' 'tcpdump -c 1000 -i ge-0/3/0.694 'host 10.66.94.35' -w /var/tmp/test.log' And kept getting a 'syntax' error. Here is a 'show interface terse of 0/3/0' ge-0/3/0 up up ge-0/3/0.676 up up inet 10.66.76.2/24 ge-0/3/0.677 up up inet 10.66.77.1/24 10.66.77.2/24 ge-0/3/0.690 up up inet 10.66.90.1/24 10.66.90.2/24 ge-0/3/0.694 up up inet 10.66.94.1/24 10.66.94.2/24 ge-0/3/0.695 up up inet 10.66.95.2/24 ge-0/3/0.697 up up inet 10.66.97.2/24 ge-0/3/0.698 up up inet 10.66.98.1/24 10.66.98.2/24 ge-0/3/0.699 up up inet 10.66.99.2/24 _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp