First, put all your command line switches (i.e., -w <file>) BEFORE the list of packet-match-criteria. Instead of

'tcpdump -c 1000 -nvi ge-0/3/0.694 host 10.66.94.35 -w /var/tmp/test.log'

use

'tcpdump -c 1000 -nvi ge-0/3/0.694 -w /var/tmp/test.log host 10.66.94.35'

Second, tcpdump cannot capture transit traffic. You need to use a firewall filter with the sample action.

Paul Goyette
Juniper Networks Customer Service
JTAC Senior Escalation Engineer
PGP Key ID 0x53BA7731
Fingerprint: FA29 0E3B 35AF E8AE 6651 0786 F758 55DE 53BA 7731

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Thompson, Jerrold
> Sent: Monday, January 21, 2008 10:26 AM
> To: juniper-nsp@puck.nether.net
> Subject: [j-nsp] tcpdump
> Importance: High
>
> Hi,
>
> I'm trying to capture unicast traffic from a subinterface on an m10i
> router running 8.0 code.
>
> Started out with a "start shell user root" and then ran a
>
> 'tcpdump -c 1000 -nvi ge-0/3/0.694 -w /var/tmp/test.log'
>
> And it kind of worked, but only caught slow path traffic destined to the
> cpu exactly like a monitor command.
>
> Can anybody tell me how to catch the unicast traffic with an IP host
> filter? I've tried:
>
> 'tcpdump -c 1000 -nvi ge-0/3/0 host 10.66.94.35 -w /var/tmp/test.log'
> 'tcpdump -c 1000 -nvi ge-0/3/0 ip host 10.66.94.35 -w /var/tmp/test.log'
> 'tcpdump -c 1000 -nvi ge-0/3/0.694 host 10.66.94.35 -w /var/tmp/test.log'
> 'tcpdump -c 1000 -nvi ge-0/3/0.694 ip host 10.66.94.35 -w /var/tmp/test.log'
> 'tcpdump -c 1000 -nvi ge-0/3/0 'host 10.66.94.35' -w /var/tmp/test.log'
> 'tcpdump -c 1000 -nvi ge-0/3/0.694 'host 10.66.94.35' -w /var/tmp/test.log'
> 'tcpdump -c 1000 -i ge-0/3/0 'host 10.66.94.35' -w /var/tmp/test.log'
> 'tcpdump -c 1000 -i ge-0/3/0.694 'host 10.66.94.35' -w /var/tmp/test.log'
>
> And kept getting a 'syntax' error.
>
> Here is a 'show interface terse of 0/3/0'
>
> ge-0/3/0                up    up
> ge-0/3/0.676            up    up   inet     10.66.76.2/24
> ge-0/3/0.677            up    up   inet     10.66.77.1/24
>                                             10.66.77.2/24
> ge-0/3/0.690            up    up   inet     10.66.90.1/24
>                                             10.66.90.2/24
> ge-0/3/0.694            up    up   inet     10.66.94.1/24
>                                             10.66.94.2/24
> ge-0/3/0.695            up    up   inet     10.66.95.2/24
> ge-0/3/0.697            up    up   inet     10.66.97.2/24
> ge-0/3/0.698            up    up   inet     10.66.98.1/24
>                                             10.66.98.2/24
> ge-0/3/0.699            up    up   inet     10.66.99.2/24
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
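
A sketch of the firewall-filter-with-sample approach named in the reply, added here as an example and not taken from either message. The filter name `sample-host`, term names and output file name are hypothetical, and the statement hierarchy is assumed to match the release in use, so validate it with `commit check` before committing.

```junos
# Added example: names below (sample-host, match-host, everything-else,
# sampled-host.log) are hypothetical placeholders.

# Term 1: mark packets to or from the host of interest for sampling,
# then forward them normally.
set firewall family inet filter sample-host term match-host from address 10.66.94.35/32
set firewall family inet filter sample-host term match-host then sample
set firewall family inet filter sample-host term match-host then accept

# Term 2: forward everything else untouched. Without this term the
# filter's implicit final discard would drop all other traffic.
set firewall family inet filter sample-host term everything-else then accept

# Apply the filter to the subinterface from the thread. As an input
# filter it only sees packets arriving on this unit.
set interfaces ge-0/3/0 unit 694 family inet filter input sample-host

# Sampling parameters: rate 1 selects every packet that hit the
# sample action; headers are written to the named file.
set forwarding-options sampling input family inet rate 1
set forwarding-options sampling output file filename sampled-host.log
```

Remove the filter and the sampling statements once the capture is done, since sampling every matching packet adds load for as long as it is configured.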