monitor traffic
Syntax
monitor traffic <brief | detail | extensive> <absolute-sequence> <count count> <interface interface-name> <layer2-headers> <matching matching> <no-domain-names> <no-promiscuous> <no-resolve> <no-timestamp> <print-ascii> <print-hex> <read-file filename> <resolve-timeout> <size size> <write-file filename>
Description
Display packet headers or packets received and sent from the Routing Engine.
-
Using the
monitor-trafficcommand can degrade router or switch performance. -
Delays from DNS resolution can be eliminated by using the
no-resolveoption.
This command is not supported on the QFabric system.
Options
| none |
(Optional) Display packet headers transmitted through fxp0. On a TX Matrix Plus router, display packet headers transmitted through em0. |
| brief | detail | extensive |
(Optional) Display the specified level of output. |
| absolute-sequence |
(Optional) Display absolute TCP sequence numbers. |
| count count |
(Optional) Specify the number of packet headers to display (0 through 1,000,000). The monitor traffic command quits automatically after displaying the number of packets specified. |
| interface interface-name |
(Optional) Specify the interface on which the In Junos OS Evolved:
|
| layer2-headers |
(Optional) Display the link-level header on each line. |
| matching matching |
(Optional) Display packet headers that match a regular expression. Use matching expressions
to define the level of detail with which the |
| no-domain-names |
(Optional) Suppress the display of the domain portion of hostnames. With the
|
| no-promiscuous |
(Optional) Do not put the interface into promiscuous mode. |
| no-resolve |
(Optional) Suppress reverse lookup of the IP addresses. |
| no-timestamp |
(Optional) Suppress timestamps on displayed packets. |
| print-ascii |
(Optional) Display each packet in ASCII format. |
| print-hex |
(Optional) Display each packet, except the link-level header, in hexadecimal format. |
| read-file filename |
Read packets from the file specified. |
| resolve-timeout timeout |
(Optional) Amount of time the router or switch waits for each reverse lookup before timing
out. You can set the timeout for 1 through 4,294,967,295 seconds. The default is 4 seconds.
To display each packet, use the |
| size size |
(Optional) Read but do not display up to the specified number of bytes for each packet.
When set to |
| write-file filename |
Write packets to the file specified. |
Starting in Junos OS Evolved 20.4R1, the write-file option at the
monitor traffic interface hierarchy level takes precedence over the
extensive option when you configure them simultaneously. If you try to
configure these options at the same time, Junos OS Evolved gives you a warning message that the
options are not compatible, and it only runs the monitor traffic interface
write-file command.
Additional Information
In the monitor traffic command, you can specify an expression to match by
using the matching option and including the expression in quotation marks:
monitor traffic matching "expression"
Replace expression with one or more of the match
conditions listed in Table 1.
|
Match Type |
Condition |
Description |
|---|---|---|
| Entity |
|
Matches packets that contain the specified address or hostname. The protocol match conditions |
|
|
Matches packets with source or destination addresses containing the specified network address. |
|
|
|
Matches packets containing the specified network address and subnet mask. |
|
|
|
Matches packets containing the specified source or destination TCP or UDP port number or port name. In place of the numeric port address, you can specify a text synonym, such as
|
|
| Directional |
|
Matches packets going to the specified destination. This match condition can be prepended to any of the entity type match conditions. |
|
|
Matches packets from a specified source. This match condition can be prepended to any of the entity type match conditions. |
|
|
|
Matches packets that contain the specified source and destination addresses. This match condition can be prepended to any of the entity type match conditions. |
|
|
|
Matches packets containing either of the specified addresses. This match condition can be prepended to any of the entity type match conditions. |
|
| Packet Length |
|
Matches packets shorter than or equal to the specified value, in bytes. |
|
|
Matches packets longer than or equal to the specified value, in bytes. |
|
| Protocol |
|
Matches all AMT packets. Use the extensive level of output to decode the inner IGMP packets in addition to the AMT outer packet. |
|
|
Matches all ARP packets. |
|
|
|
Matches all Ethernet packets. |
|
|
|
Matches broadcast or multicast Ethernet frames. This match condition can be prepended
with |
|
|
|
Matches packets with the specified Ethernet address or Ethernet packets of the specified
protocol type. The |
|
|
|
Matches all ICMP packets. |
|
|
|
Matches all IP packets. |
|
|
|
Matches broadcast or multicast IP packets. |
|
|
|
Matches packets with the specified address or protocol type. The |
|
|
|
Matches all IS-IS routing messages. |
|
|
|
Matches packets whose headers contain the specified IP protocol number. |
|
|
|
Matches all RARP packets. |
|
|
|
Matches all TCP datagrams. |
|
|
|
Matches all UDP datagrams. |
To combine expressions, use the logical operators listed in Table 2.
|
Logical Operator (Highest to Lowest Precedence) |
Description |
|---|---|
|
|
Logical NOT. If the first condition does not match, the next condition is evaluated. |
|
|
Logical AND. If the first condition matches, the next condition is evaluated. If the first condition does not match, the next condition is skipped. |
|
|
Logical OR. If the first condition matches, the next condition is skipped. If the first condition does not match, the next condition is evaluated. |
|
|
Group operators to override default precedence order. Parentheses are special characters,
each of which must be preceded by a backslash ( |
You can use relational operators to compare arithmetic expressions composed of integer constants, binary operators, a length operator, and special packet data accessors. The arithmetic expression matching condition uses the following syntax:
monitor traffic matching "ether[0] & 1 != 0""arithmetic_expression relational_operator arithmetic_expression"
The packet data accessor uses the following syntax:
protocol [byte-offset <size>]
The optional size field represents the number of bytes examined in the
packet header. The available values are1, 2, or
4 bytes. The following sample command captures all multicast traffic:
user@host> monitor traffic matching "ether[0] & 1 != 0"
To specify match conditions that have a numeric value, use the arithmetic and relational operators listed in Table 3.
Because the Packet Forwarding Engine removes Layer 2 header information before sending packets to the Routing Engine:
-
The
monitor trafficcommand cannot apply match conditions to inbound traffic. -
The
monitor traffic interfacecommand also cannot apply match conditions for Layer 3 and Layer 4 packet data, resulting in thematchpipe option (| match) for this command for Layer 3 and Layer 4 packets not working either. Therefore, ensure that you specify match conditions as described in this command summary. For more information about match conditions, see Table 1. -
The 802.1Q VLAN tag information included in the Layer 2 header is removed from all inbound traffic packets. Because the
monitor traffic interface ae[x]command for aggregated Ethernet interfaces (such as ) only shows inbound traffic data, the command does not show VLAN tag information in the output.
|
Arithmetic or Relational Operator |
Description |
|---|---|
| Arithmetic Operator | |
|
+ |
Addition operator. |
|
- |
Subtraction operator. |
|
/ |
Division operator. |
|
& |
Bitwise AND. |
|
* |
Bitwise exclusive OR. |
|
| |
Bitwise inclusive OR. |
| Relational Operator (Highest to Lowest Precedence) | |
|
<= |
If the first expression is less than or equal to the second, the packet matches. |
|
>= |
If the first expression is greater than or equal to the second, the packet matches. |
|
< |
If the first expression is less than the second, the packet matches. |
|
> |
If the first expression is greater than the second, the packet matches. |
|
= |
If the compared expressions are equal, the packet matches. |
|
!= |
If the compared expressions are unequal, the packet matches. |
Required Privilege Level
trace
maintenance
Output Fields
When you enter this command, you are provided feedback on the status of your request.
Sample Output
- monitor traffic count
- monitor traffic detail count
- monitor traffic extensive (Absolute Sequence)
- monitor traffic extensive (Relative Sequence)
- monitor traffic extensive count
- monitor traffic interface
- monitor traffic interface (Junos OS Evolved)
- monitor traffic matching
- monitor traffic (TX Matrix Plus Router)
- monitor traffic (QFX3500 Switch)
- monitor traffic matching icmp
- monitor traffic matching IP protocol number
- monitor traffic matching arp
- monitor traffic matching port
- monitor traffic read-files
- monitor traffic write-file
monitor traffic count
user@host> monitor traffic count 2 listening on fxp0 04:35:49.814125 In my-server.home.net.1295 > my-server.work.net.telnet: . ack 4122529478 win 16798 (DF) 04:35:49.814185 Out my-server.work.net.telnet > my-server.home.net.1295: P 1:38(37) ack 0 win 17680 (DF) [tos 0x10]
monitor traffic detail count
user@host> monitor traffic detail count 2 listening on fxp0 04:38:16.265864 In my-server.home.net.1295 > my-server.work.net.telnet: . ack 4122529971 win 17678 (DF) (ttl 121, id 6812) 04:38:16.265926 Out my-server.work.net.telnet.telnet > my-server.home.net.1295: P 1:38(37) ack 0 win 17680 (DF) [tos 0x10] (ttl 6)
monitor traffic extensive (Absolute Sequence)
user@host> monitor traffic extensive no-domain-names no-resolve no-timestamp count 20 matching "tcp" absolute-sequence listening on fxp0 In 203.0.113.193.179 > 192.168.4.227.1024: . 4042780859:4042780859(0) ack 1845421797 win 16384 <nop,nop,timestamp 4935628 965951> [tos 0xc0] (ttl ) In 203.0.113.193.179 > 192.168.4.227.1024: P 4042780859:4042780912(53) ack 1845421797 win 16384 <nop,nop,timestamp 4935628 965951>: BGP [|BGP UPDAT) In 192.168.4.227.1024 > 203.0.113.193.179: P 1845421797:1845421852(55) ack 4042780912 win 16384 <nop,nop,timestamp 965951 4935628>: BGP [|BGP UPDAT) ...
monitor traffic extensive (Relative Sequence)
user@host> monitor traffic extensive no-domain-names no-resolve no-timestamp count 20 matching "tcp" listening on fxp0 In 172.24.248.221.1680 > 192.168.4.210.23: . 396159737:396159737(0) ack 1664980689 win 17574 (DF) (ttl 121, id 50003) Out 192.168.4.210.23 > 172.24.248.221.1680: P 1:40(39) ack 0 win 17680 (DF) [tos 0x10] (ttl 64, id 5394) In 203.0.113.193.179 > 192.168.4.227.1024: P 4042775817:4042775874(57) ack 1845416593 win 16384 <nop,nop,timestamp 4935379 965690>: BGP [|BGP UPDAT) ...
monitor traffic extensive count
monitor traffic extensive count 5 no-domain-names no-resolve listening on fxp013:18:17.406933 In 192.168.4.206.2723610880 > 172.17.28.8.2049: 40 null (ttl 64, id 38367)13:18:17.407577 In 172.17.28.8.2049 > 192.168.4.206.2723610880: reply ok 28 null (ttl 61, id 35495)13:18:17.541140 In 0:e0:1e:42:9c:e0 0:e0:1e:42:9c:e0 9000 60: 0000 0100 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 000013:18:17.591513 In 172.24.248.156.4139 > 192.168.4.210.23: 3556964918:3556964918(0) ack 295526518 win 17601 (DF) (ttl 121, id 14)13:18:17.591568 Out 192.168.4.210.23 > 172.24.248.156.4139: P 1:40(39) ack 0 win 17680 (DF) [tos 0x10] (ttl 64, id 52376)
monitor traffic interface
user@host> monitor traffic interface fxp0 listening on fxp0.0 18:17:28.800650 In server.home.net.723 > host1-0.lab.home.net.log 18:17:28.800733 Out host2-0.lab.home.net.login > server.home.net.7 18:17:28.817813 In host30.lab.home.net.syslog > host40.home0 18:17:28.817846 In host30.lab.home.net.syslog > host40.home0 ...
monitor traffic interface (Junos OS Evolved)
In this example, ae0 is a physical interface and ae0.1 is a logical interface.
user@host> monitor traffic interface ae0 reading from file -, link-type EN10MB (Ethernet) 17:51:30.691523 LLDP, length 441: host.example.com 17:51:32.296133 LLDP, length 445: host.example.com 17:51:33.029399 LLDP, length 445: host.example.com 17:51:33.523333 LLDP, length 445: host.example.com ... user@host> monitor traffic interface ae0.1 reading from file -, link-type EN10MB (Ethernet) 17:51:20.932958 IP 10.1.1.2 > 10.1.1.1: ICMP echo request, id 33378, seq 4, length 64 17:51:20.933273 IP 10.1.1.1 > 10.1.1.2: ICMP echo reply, id 33378, seq 4, length 64 17:51:21.933840 IP 10.1.1.2 > 10.1.1.1: ICMP echo request, id 33378, seq 5, length 64 17:51:21.934147 IP 10.1.1.1 > 10.1.1.2: ICMP echo reply, id 33378, seq 5, length 64 ...
monitor traffic matching
user@host> monitor traffic matching "net 192.168.1.0/24" verbose output suppressed, use <detail> or <extensive> for full protocol decode Address resolution is ON. Use <no-resolve> to avoid any reverse lookup delay. Address resolution timeout is 4s. Listening on fxp0, capture size 96 bytes Reverse lookup for 192.168.1.255 failed (check DNS reachability). Other reverse lookup failures will not be reported. Use no-resolve to avoid reverse lookups on IP addresses. 21:55:54.003511 In IP truncated-ip - 18 bytes missing! 192.168.1.17.netbios-ns > 192.168.1.255.netbios-ns: UDP, length 50 21:55:54.003585 Out IP truncated-ip - 18 bytes missing! 192.168.1.17.netbios-ns > 192.168.1.255.netbios-ns: UDP, length 50 21:55:54.003864 In arp who-has 192.168.1.17 tell 192.168.1.9 ...
monitor traffic (TX Matrix Plus Router)
user@host> monitor traffic verbose output suppressed, use <detail> or <extensive> for full protocol decode Address resolution is ON. Use <no-resolve> to avoid any reverse lookup delay. Address resolution timeout is 4s. Listening on em0, capture size 96 bytes 04:11:59.862121 Out IP truncated-ip - 25 bytes missing! summit-em0.example.net.syslog > sv-log-01.example.net.syslog: SYSLOG kernel.info, length: 57 04:11:59.862303 Out IP truncated-ip - 25 bytes missing! summit-em0.example.net.syslog > sv-log-02.example.net.syslog: SYSLOG kernel.info, length: 57 04:11:59.923948 In IP aj-em0.example.net.65235 > summit-em0.example.net.telnet: . ack 1087492766 win 33304 <nop,nop,timestamp 42366734 993490> 04:11:59.923983 Out IP truncated-ip - 232 bytes missing! summit-em0.example.net.telnet > aj-em0.example.net.65235: P 1:241(240) ack 0 win 33304 <nop,nop,timestamp 993590 42366734> 04:12:00.022900 In IP aj-em0.exmaple.net.65235 > summit-em0.example.net.telnet: . ack 241 win 33304 <nop,nop,timestamp 42366834 993590> 04:12:00.141204 In IP truncated-ip - 40 bytes missing! ipg-lnx-shell1.example.net.46182 > summit-em0.example.net.telnet: P 2950530356:2950530404(48) ack 485494987 win 63712 <nop,nop,timestamp 1308555294 987086> 04:12:00.141345 Out IP summit-em0.example.net.telnet > ipg-lnx-shell1.example.net.46182: P 1:6(5) ack 48 win 33304 <nop,nop,timestamp 993809 1308555294> 04:12:00.141572 In IP ipg-lnx-shell1.example.net.46182 > summit-em0.example.net.telnet: . ack 6 win 63712 <nop,nop,timestamp 1308555294 993809> 04:12:00.141597 Out IP summit-em0.example.net.telnet > ipg-lnx-shell1.example.net.46182: P 6:10(4) ack 48 win 33304 <nop,nop,timestamp 993810 1308555294> 04:12:00.141821 In IP ipg-lnx-shell1.example.net.46182 > summit-em0.exmaple.net.telnet: . ack 10 win 63712 <nop,nop,timestamp 1308555294 993810> 04:12:00.141837 Out IP truncated-ip - 2 bytes missing! summit-em0.example.net.telnet > ipg-lnx-shell1.example.net.46182: P 10:20(10) ack 48 win 33304 <nop,nop,timestamp 993810 1308555294> 04:12:00.142072 In IP ipg-lnx-shell1.example.net.46182 > summit-em0.example.net.telnet: . ack 20 win 63712 <nop,nop,timestamp 1308555294 993810> 04:12:00.142089 Out IP summit-em0.example.net.telnet > ipg-lnx-shell1.example.net.46182: P 20:28(8) ack 48 win 33304 <nop,nop,timestamp 993810 1308555294> 04:12:00.142321 In IP ipg-lnx-shell1.exmample.net.46182 > summit-em0.englab.example.net.telnet: . ack 28 win 63712 <nop,nop,timestamp 1308555294 993810> 04:12:00.142337 Out IP truncated-ip - 1 bytes missing! summit-em0.example.net.telnet > ipg-lnx-shell.example.net.46182: P 28:37(9) ack 48 win 33304 <nop,nop,timestamp 993810 1308555294> ...
monitor traffic (QFX3500 Switch)
user@switch> monitor traffic verbose output suppressed, use <detail> or <extensive> for full protocol decode Address resolution is ON. Use <no-resolve> to avoid any reverse lookup delay. Address resolution timeout is 4s. Listening on me4, capture size 96 bytes Reverse lookup for 172.22.16.246 failed (check DNS reachability). Other reverse lookup failures will not be reported. Use <no-resolve> to avoid reverse lookups on IP addresses. 16:35:32.240873 Out IP truncated-ip - 112 bytes missing! labqfx-me0.example.net.ssh > 172.22.16.246.telefinder: P 4200727624:4200727756(132) ack 2889954831 win 65535 16:35:32.240900 Out IP truncated-ip - 176 bytes missing! labqfx-me0.example.net.ssh > 172.22.16.246.telefinder: P 132:328(196) ack 1 win 65535 ...
monitor traffic matching icmp
user@host> monitor traffic matching "icmp" no-resolve verbose output suppressed, use <detail> or <extensive> for full protocol decode Address resolution is OFF. Listening on me0, capture size 96 bytes 09:23:17.728737 In IP 172.19.10.9 > 10.10.211.93: ICMP echo request, id 1, seq 322, length 40 09:23:17.728780 Out IP 10.10.211.93 > 172.19.10.9: ICMP echo reply, id 1, seq 322, length 40 09:23:18.735848 In IP 172.19.10.9 > 10.10.211.93: ICMP echo request, id 1, seq 323, length 40 09:23:18.735891 Out IP 10.10.211.93 > 172.19.10.9: ICMP echo reply, id 1, seq 323, length 40 09:23:19.749732 In IP 172.19.10.9 > 10.10.211.93: ICMP echo request, id 1, seq 324, length 40 09:23:19.749775 Out IP 10.10.211.93 > 172.19.10.9: ICMP echo reply, id 1, seq 324, length 40 09:23:20.749747 In IP 172.19.10.9 > 10.10.211.93: ICMP echo request, id 1, seq 325, length 40 09:23:20.749791 Out IP 10.10.211.93 > 172.19.10.9: ICMP echo reply, id 1, seq 325, length 40 ...
monitor traffic matching IP protocol number
user@host> monitor traffic matching "proto 89" no-resolve verbose output suppressed, use <detail> or <extensive> for full protocol decode Address resolution is OFF. Listening on me0, capture size 96 bytes 13:06:14.700311 In IP truncated-ip - 16 bytes missing! 10.94.211.254 > 224.0.0. 5: OSPFv2, Hello, length 56 13:06:16.067010 In IP truncated-ip - 20 bytes missing! 10.94.211.102 > 224.0.0. 5: OSPFv2, Hello, length 60 13:06:16.287566 In IP truncated-ip - 20 bytes missing! 10.94.211.142 > 224.0.0. 5: OSPFv2, Hello, length 60 13:06:20.758500 In IP truncated-ip - 16 bytes missing! 10.200.211.254 > 224.0.0 .5: OSPFv2, Hello, length 56 13:06:24.309882 In IP truncated-ip - 20 bytes missing! 10.94.211.102 > 224.0.0. 5: OSPFv2, Hello, length 60 13:06:24.396699 In IP truncated-ip - 16 bytes missing! 10.94.211.254 > 224.0.0. 5: OSPFv2, Hello, length 56 13:06:25.067386 In IP truncated-ip - 20 bytes missing! 10.94.211.142 > 224.0.0. 5: OSPFv2, Hello, length 60 13:06:29.499988 In IP truncated-ip - 16 bytes missing! 10.200.211.254 > 224.0.0 .5: OSPFv2, Hello, length 56 13:06:32.858753 In IP truncated-ip - 20 bytes missing! 10.94.211.102 > 224.0.0. 5: OSPFv2, Hello, length 60 ...
monitor traffic matching arp
user@host> monitor traffic matching “arp” no-resolve verbose output suppressed, use <detail> or <extensive> for full protocol decode Address resolution is OFF. Listening on me0, capture size 96 bytes 11:57:54.664501 In arp who-has 10.10.213.109 (00:1f:d5:f3:28:30) tell 10.10.213.31 11:57:56.828387 In arp who-has 10.10.213.233 (00:24:9d:06:77:4f) tell 10.10.213.31 11:58:01.735803 In arp who-has 10.10.213.251 (88:e0:f4:1d:41:40) tell 10.10.213.31 11:58:04.663241 In arp who-has 10.10.213.254 tell 10.94.211.170 11:58:28.488191 In arp who-has 10.10.213.149 (00:e0:91:c2:ff:8d) tell 10.10.213.31 11:58:41.858612 In arp who-has 10.10.213.148 tell 10.94.211.254 11:58:42.621533 In arp who-has 10.10.213.254 (5f:5e:ac:79:49:81) tell 10.10.213.31 11:58:44.533391 In arp who-has 10.10.213.186 tell 10.94.211.254 11:58:45.170405 In arp who-has 10.10.213.186 tell 10.94.211.254 11:58:45.770512 In arp who-has 10.10.213.186 tell 10.94.211.254
monitor traffic matching port
user@host> monitor traffic matching “port 22” no-resolve verbose output suppressed, use <detail> or <extensive> for full protocol decode Address resolution is OFF. Listening on me0, capture size 96 bytes 13:14:19.108089 In IP 192.0.2.22.56714 > 10.19.300.05.22: S 2210742342:2210742342(0) win 65535 <mss 1360,nop,wscale 7,nop,nop,sackOK> 13:14:19.108165 Out IP 10.19.300.05.22 > 192.0.2.22.56714: S 23075150:23075150(0) ack 2210742343 win 65535 <mss 1460,nop,wscale 1,sackOK,eol> 13:14:19.136883 In IP 192.0.2.22.56714 > 10.19.300.05.22: . ack 1 win 32768 13:14:19.231364 Out IP truncated-ip - 1 bytes missing! 10.19.300.05.22 > 172.29.102.9.56714: P 1:22(21) ack 1 win 33320 13:14:19.260174 In IP truncated-ip - 10 bytes missing! 192.0.2.22.56714 > 10.94.211.93.22: P 1:31(30) ack 22 win 32767 13:14:19.284865 Out IP truncated-ip - 964 bytes missing! 10.19.300.05.22 > 172.29.102.9.56714: P 22:1006(984) ack 31 win 33320 13:14:19.314549 In IP truncated-ip - 652 bytes missing! 192.0.2.22.56714 > 10.94.211.93.22: P 31:703(672) ack 1006 win 32760 13:14:19.414135 Out IP 10.19.300.05.22 > 192.0.2.22.56714: . ack 703 win 33320 13:14:19.443858 In IP 192.0.2.22.56714 > 10.19.300.05.22: P 703:719(16) ack 1006 win 32760 13:14:19.467379 Out IP truncated-ip - 516 bytes missing! 10.19.300.05.22 > 172.29.102.9.56714: P 1006:1542(536) ack 719 win 33320 13:14:19.734097 In IP 192.0.2.22.56714 > 10.19.300.05.22: . ack 1542 win 32768 13:14:19.843574 In IP truncated-ip - 508 bytes missing! 192.0.2.22.56714 > 10.94.211.93.22: P 719:1247(528) ack 1542 win 32768 ...
monitor traffic read-files
user@host> monitor traffic read-file tcpdump_20_7_18.pcap
15:20:42.597413 Out IP 128.0.0.1.6234 > 128.0.0.17.37217: . ack 1416364513 win 65535 <nop,nop,timestamp 2494269906 347794433>
15:20:42.597424 Out IP 128.0.0.1.6234 > 128.0.0.16.49400: . ack 3549610340 win 65535 <nop,nop,timestamp 2494269906 347799892>
15:20:42.598214 Out IP truncated-ip - 32 bytes missing! 128.0.0.1.6234 > 128.0.0.16.49400: P 0:40(40) ack 1 win 65535 <nop,nop,timestamp 2494269907 347799892>
0001 0000 0020 0000
monitor traffic write-file
user@host> monitor traffic write-file filename Address resolution is ON. Use <no-resolve> to avoid any reverse lookup delay. Address resolution timeout is 4s. Listening on em1, capture size 96 bytes ^C 955 packets received by filter 0 packets dropped by kernel
Release Information
Command introduced before Junos OS Release 7.4.
Options read-file and
write-file introduced in Junos OS Release 19.1R1.