On (2012-04-12 23:23 +0100), Tom Storey wrote:

> I'm wondering if there is some way to output the details like a TCP
> dump, or capture to a pcap file which can be read by Wireshark et al?
> The latter seems possible on certain models, but not the gear in
> question here, an MX960 with DPCEs.
Set up a GRE tunnel towards your *nix box (no need to config the tunnel in *nix) and mirror packets to the tunnel. Something to this effect:

    interfaces {
        gr-1/0/0 {
            unit 1 {
                tunnel {
                    source your_loopback;
                    destination your_nix_pc;
                }
                family inet {
                    address 127.0.0.42/31;
                }
                family inet6 {
                    address fe80::42/127;
                }
            }
        }
    }
    forwarding-options {
        port-mirroring {
            input {
                rate 1;
            }
            family inet {
                output {
                    interface gr-1/0/0.1;
                }
            }
            family inet6 {
                output {
                    interface gr-1/0/0.1;
                }
            }
        }
    }

Then in the firewall config, 'then port-mirror;' for whatever you want to mirror.

I suggest using tshark on your NIX box, rather than tcpdump, as you can see the actual useful packet, not just the top GRE. And you can use display filter matches to capture only interesting packets.

--
  ++ytti
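What arrives at the *nix box is outer IPv4 + GRE + the mirrored packet. The sketch below is an added example, not part of the original post: it shows the decapsulation step that gets from the outer GRE packet to the inner one. Function names are hypothetical and the sample packet is constructed from documentation-range addresses.

```python
import ipaddress
import struct

GRE = 47  # IP protocol number of GRE in the outer IPv4 header

def decap_gre(pkt: bytes):
    """Strip outer IPv4 + GRE (RFC 2784/2890); return (ethertype, inner packet)."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != GRE:
        raise ValueError("not an IPv4/GRE packet")
    gre = pkt[(pkt[0] & 0x0F) * 4:]          # skip outer header using its IHL
    if len(gre) < 4:
        raise ValueError("truncated GRE header")
    flags, ethertype = struct.unpack("!HH", gre[:4])
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    # Optional 4-byte fields: checksum (C), key (K), sequence number (S)
    hdr = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
    if len(gre) < hdr:
        raise ValueError("truncated GRE options")
    return ethertype, gre[hdr:]

def inner_summary(pkt: bytes):
    """Return (src, dst, next-protocol) of the mirrored packet inside GRE."""
    ethertype, inner = decap_gre(pkt)
    if ethertype == 0x0800 and len(inner) >= 20:      # IPv4 payload
        src, dst, proto = inner[12:16], inner[16:20], inner[9]
    elif ethertype == 0x86DD and len(inner) >= 40:    # IPv6 payload
        src, dst, proto = inner[8:24], inner[24:40], inner[6]
    else:
        raise ValueError("unsupported or truncated inner packet")
    return str(ipaddress.ip_address(src)), str(ipaddress.ip_address(dst)), proto

def build_ipv4(proto: int, src: str, dst: str, payload: bytes = b"") -> bytes:
    """Constructed IPv4 header for the sample (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + payload

# Constructed sample: router loopback -> capture host, carrying a mirrored TCP packet
SAMPLE = build_ipv4(GRE, "192.0.2.1", "192.0.2.2",
                    struct.pack("!HH", 0, 0x0800) +
                    build_ipv4(6, "198.51.100.10", "203.0.113.20"))

if __name__ == "__main__":
    print(inner_summary(SAMPLE))
```
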