
Packet Analyzer Overview

 

Packet capture is a tool that helps you analyze network traffic and troubleshoot network problems. The packet capture tool captures real-time data packets traveling over the network for monitoring and logging. It is a debugging and analysis utility that you can use to identify the problematic area in a session path. A set of counters is displayed for both forward and reverse flows for all the supported services on SDG devices. Using these statistics, you can estimate the total byte count for each service at every hop and quickly locate the hop where packets might be dropped.

The packet analyzer is the endpoint to which the flow collector interface sends traffic for analysis. You can process and export multiple cflowd records with a flow collector interface. You create a flow collector interface on a Monitoring Services II or Multiservices 400 PIC. The flow collector interface combines multiple cflowd records into a compressed ASCII data file and exports the file to an FTP server.

You can configure the packet analyzer filters to capture packet data flows based on a match or classification criteria to collect statistics and information only about packets that satisfy the criteria. You can define the data and control plane packet flow direction and interface settings in the filter, and the interval at which devices must be polled. You can also specify a timeout to apply a threshold on the amount of data to be collected. You can then schedule the filter to be run for different services and view the statistics as numerical values or as a graph.

Packets are captured as binary data, without modification. You can read the packet information offline with a packet analyzer such as Ethereal or tcpdump. If you need to quickly capture packets destined for, or originating from, the Routing Engine and analyze them online, you can use the packet capture diagnostic tool.

Network administrators and security engineers use packet capture to perform the following tasks:

  • Monitor network traffic and analyze traffic patterns.

  • Identify and troubleshoot network problems.

  • Detect security breaches in the network, such as unauthorized intrusions, spyware activity, or ping scans.

Packet capture operates like traffic sampling on the device, except that it captures entire packets.

Data packets are chunks of data that transit the router as they are being forwarded from a source to a destination. When a router receives a data packet on an interface, it determines where to forward the packet by looking in the forwarding table for the best route to a destination. The router then forwards the data packet toward its destination through the appropriate interface. The Packet Forwarding Engine, which is the central processing element of the router’s forwarding plane, handles the flow of data packets in and out of the router’s physical interfaces. Although the Packet Forwarding Engine contains Layer 3 and Layer 4 header information, it does not contain the packet data itself (the packet's payload).

You can also use the packet capture feature when you need to quickly capture and analyze control traffic on a router. Control packets refer to health check packets that are sent to examine the health and efficiency of specific URLs or paths. Health checking allows you to verify content accessibility in large websites. As content grows and information is distributed across different server farms, flexible, customizable content health checks are critical to ensure end-to-end availability.

Pre-Service Filtering of Traffic for Service Processing

To filter IPv4 or IPv6 traffic before accepting packets for input or output service processing, include the service-set service-set-name service-filter service-filter-name statement at one of the following hierarchy levels:

  • [edit interfaces interface-name unit unit-number family (inet | inet6) service input]

  • [edit interfaces interface-name unit unit-number family (inet | inet6) service output]

For the service-set-name, specify a service set configured at the [edit services service-set] hierarchy level.

The service set retains the input interface information even after services are applied, so that functions such as filter-class forwarding and destination class usage (DCU) that depend on input interface information continue to work.

The following requirements apply to filtering inbound or outbound traffic before accepting packets for service processing:

  • You configure the same service set on the input and output sides of the interface.

  • If you include the service-set statement without an optional service-filter definition, the Junos OS assumes the match condition is true and selects the service set for processing automatically.

  • The service filter is applied only if a service set is configured and selected.

You can include more than one service set definition on each side of an interface. The following guidelines apply:

  • If you include multiple service sets, the router (or switch) software evaluates them in the order in which they appear in the configuration. The system executes the first service set for which it finds a match in the service filter and ignores the subsequent definitions.

  • A maximum of six service sets can be applied to an interface.

  • When you apply multiple service sets to an interface, you must also configure and apply a service filter to the interface.
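The rules above can be checked mechanically. The following is an added example, not Juniper code: a small Python linter that reads configuration in "display set" form and reports violations of the requirements listed in this section. The interface, service-set, and filter names in the sample are constructed, and the shadowing check is derived from two statements above (a service set without a service filter always matches, and only the first matching service set is executed).

```python
import re
from collections import defaultdict

# Constructed sample in "display set" form; interface, set and filter names are made up.
SAMPLE = """\
set interfaces ge-0/0/0 unit 0 family inet service input service-set sset-ids
set interfaces ge-0/0/0 unit 0 family inet service input service-set sset-nat service-filter sf-nat
set interfaces ge-0/0/0 unit 0 family inet service output service-set sset-nat service-filter sf-nat
"""

LINE = re.compile(
    r"set interfaces (\S+) unit (\d+) family (inet6?) service (input|output) "
    r"service-set (\S+)(?: service-filter (\S+))?$")

def parse(text):
    """Map (interface, unit, family) to its input/output (service-set, filter) lists, in order."""
    units = defaultdict(lambda: {"input": [], "output": []})
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            ifname, unit, family, side, sset, sfilter = m.groups()
            units[(ifname, unit, family)][side].append((sset, sfilter))
    return units

def lint(text, max_sets=6):
    """Return findings for the service-set rules listed above."""
    findings = []
    for key, sides in parse(text).items():
        where = "%s.%s %s" % key
        for side, entries in sides.items():
            if len(entries) > max_sets:
                findings.append(f"{where} {side}: more than {max_sets} service sets")
            if len(entries) > 1 and all(f is None for _, f in entries):
                findings.append(f"{where} {side}: multiple service sets but no service filter")
            # No filter means "always matches"; first match wins, so later sets are ignored.
            for sset, sfilter in entries[:-1]:
                if sfilter is None:
                    findings.append(f"{where} {side}: {sset} has no filter and shadows later sets")
        if {s for s, _ in sides["input"]} != {s for s, _ in sides["output"]}:
            findings.append(f"{where}: input and output service sets differ")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

On the constructed sample, the linter reports that sset-ids shadows sset-nat on the input side and that the input and output sides do not reference the same service sets.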

Postservice Filtering of Returning Service Traffic

As an alternative to filtering IPv4 or IPv6 input service traffic, you can apply a service filter to IPv4 or IPv6 traffic that is returning to the services interface after the service set is executed. To apply a service filter in this manner, include the post-service-filter service-filter-name statement at the [edit interfaces interface-name unit unit-number family (inet | inet6) service input] hierarchy level.