Verify Packets

Purpose

You can check the flow of packets to and from the router to further your investigation of issues on the router.

To verify packets, follow these steps:

Monitor Packets Sent from and Received by the Routing Engine

Purpose

To print packet headers transmitted through network interfaces sent from or received by the Routing Engine.

Action

To print packet headers transmitted through network interfaces sent from or received by the Routing Engine, enter the following Junos OS CLI operational mode command:

user@host> monitor traffic interface interface-name

Sample Output

user@R1> monitor traffic interface so-0/0/1

verbose output suppressed, use <detail> or <extensive> for full protocol decode Listening on so-0/0/1, capture size 96 bytes
11:23:01.666720  In IP 10.1.15.2 > OSPF-ALL.MCAST.NET: OSPFv2 Hello length: 48
11:23:01.666884 Out IP 10.1.15.1 > OSPF-ALL.MCAST.NET: OSPFv2 Hello length: 48 11:23:01.681330 Out IP 10.0.0.1.bgp > 10.0.0.5.3813: P 3821434885:3821434904(19) ack 165811073 win 16417 <nop,nop,timestamp 42120056 42108995>: BGP, length: 19
11:23:01.682041  In IP 10.0.0.5.3813 > 10.0.0.1.bgp: P 1:20(19) ack 19 win 16398 <nop,nop,timestamp 42111985 42120056>: BGP, length: 19
11:23:01.781132 Out IP 10.0.0.1.bgp > 10.0.0.5.3813: . ack 20 win 16398 <nop,nop,timestamp 42120066 42111985>
11:23:03.996629  In LCP echo request            (type 0x09  id 0x67  len 0x0008)
11:23:03.996645 Out LCP echo reply              (type 0x0a  id 0x67  len 0x0008)
11:23:04.801130 Out LCP echo request            (type 0x09  id 0x6d  len 0x0008)
11:23:04.801694  In LCP echo reply              (type 0x0a  id 0x6d  len 0x0008)
^C
11 packets received by filter
0 packets dropped by kernel

Meaning

The sample output shows the actual packets entering and leaving the Routing Engine, not the transit packets passing through the router. You can use this information to diagnose issues such as Point-to-Point Protocol negotiation, Border Gateway Protocol negotiation, and Open Shortest Path First hellos.

The monitor traffic command is similar to the UNIX tcpdump command. For more information about the monitor traffic command, see the Junos System Basics and Services Command Reference.

Caution: Use the monitor traffic command to diagnose problems on your router. Do not to leave this command on because it consumes Routing Engine resources.

Display Key IP Header Information

Purpose

To display key IP header information when you have a firewall configured with a log action.

Action

To display key IP header information if you have a firewall configured with a log action, enter the following Junos OS CLI operational mode command:

user@host> show firewall log

Sample Output

user@R1> show firewall log

Time      Filter     A Interface        Pro  Source address  Destination address
16:08:04 pfe        A  so-1/1/0.0       ICM  123.168.10.65   123.168.10.66:24373
16:08:03 pfe        A so-1/1/0.0       ICM 123.168.10.65   123.168.10.66:29531
16:08:02 pfe        A so-1/1/0.0       ICM 123.168.10.65   123.168.10.66:27265
16:08:01 pfe        A so-1/1/0.0       OSP 123.168.10.65   212.0.0.5:48
16:08:01 pfe        A so-1/1/0.0       ICM 123.168.10.65   123.168.10.66:43943
16:08:00 pfe        A so-1/1/0.0       ICM 123.168.10.65   123.168.10.66:58572
16:07:59 pfe        A so-1/1/0.0       ICM 123.168.10.65   123.168.10.66:56307
16:07:58 pfe        A so-1/1/0.0       ICM 123.168.10.65   123.168.10.66:60185
16:07:57 pfe        A so-1/1/0.0       ICM 123.168.10.65   123.168.10.66:1600
16:07:56 pfe        A so-1/1/0.0       ICM 123.168.10.65   123.168.10.66:6502
16:07:55 pfe        A so-1/1/0.0       ICM 123.168.10.65   123.168.10.66:17548
16:07:54 pfe        A so-1/1/0.0       ICM 123.168.10.65   123.168.10.66:5298
16:07:53  pfe        A so-1/1/0.0       ICM 123.168.10.65   123.168.10.66:24536
16:07:52  sample-test  A so-1/1/0.0       ICM 123.168.10.65   123.168.10.66:24373
16:07:52 sample-test A local            ICM 123.168.10.66   123.168.10.65:22325
16:07:52 pfe        A so-1/1/0.0       ICM 123.168.10.65   123.168.10.66:27900
16:07:51 pfe        A so-1/1/0.0       OSP 123.168.10.65   212.0.0.5:48
16:07:51 sample-test A so-1/1/0.0       ICM 123.168.10.65   123.168.10.66:29531
16:07:51 sample-test A local            ICM 123.168.10.66     123.168.10.65:27483

Meaning

The sample output shows key IP header information about firewall filters on the router. The source and destination addresses of packets provide important information when you investigate problems on the router.

The Filter field contains information about how a packet traveled through the router before it was handled by either the Routing Engine or the Packet Forwarding Engine.

If the filter name appears in the Filter field, the Routing Engine handled the packet. For example, sample-test is a firewall filter configured at the [edit firewall] hierarchy level.
If the word pfe appears in the Filter field, the Packet Forwarding Engine handled the packet. The Packet Forwarding Engine receives information about the name of the firewall filter.

All packets were accepted (A). Other actions are discard (D) and reject (R).

The Interface column shows that all packets came through so-1/1/0.0, and icm or osp are the represented protocols. Other possible protocol names are: egp, gre, ipip, pim, resp, tcp, or udp.

Show Packet Count When a Firewall Filter Is Configured with the Count Option

Purpose

To show the packet count when a firewall filter is configured with the count option.

Action

To show the packet count when a firewall filter is configured with the count option, enter the following Junos OS CLI operational mode command:

user@host> show firewall filter filter-name

The following sample output shows the icmp filter incrementing:

Sample Output

user@R1> show firewall filter icmp
Filter: icmp
Counters:
Name                                                Bytes              Packets
count-icmp                                            252                    3

Sample Output

The following sample output shows a configuration of the count option:

[edit]
user@R1# show firewall filter icmp
term a {
    from {
        protocol icmp;
    }
    then count count-icmp;
}
term b {
    then accept;
}

Meaning

The sample output shows that the packet matched a criteria in the icmp filter and the filter had a count action applied to it.

Display Traffic from the Point of View of the Packet Forwarding Engine

Purpose

To display traffic from the point of view of the Packet Forwarding Engine.

Action

To display traffic from the point of view of the Packet Forwarding Engine, enter the following Junos OS CLI operational mode command:

user@host> show pfe statistics traffic

The following sample output was taken before packets were sent:

Sample Output

user@R2> show pfe statistics traffic    
PFE Traffic statistics:
               635392 packets input  (0 packets/sec)
               829862 packets output (0 packets/sec)
PFE Local Traffic statistics:
     579278 local packets input
     773747 local packets output
          0 software input high drops
          0 software input medium drops
          0 software input low drops
          1 software output drops
          0 hardware input drops
PFE Local Protocol statistics:
          0 hdlc keepalives
          0 atm oam
          0 fr lmi
     254613 ppp lcp/ncp
          0 ospf hello
          0 rsvp hello
     107203 isis iih
PFE Hardware Discard statistics:
          0 timeout
          0 truncated key
          0 bits to test
          0 data error
          0 stack underflow
          0 stack overflow
           0 normal discard
          0 extended discard
          0 invalid iif
          0 info cell drops
          0 fabric drops

The following sample output was taken after 100 packets were sent to router R2:

Sample Output

user@R2> show pfe statistics traffic    
PFE Traffic statistics:
               635595 packets input  (2 packets/sec)
               829990 packets output (2 packets/sec)
PFE Local Traffic statistics:
     579373 local packets input
     773869 local packets output
          0 software input high drops
          0 software input medium drops
          0 software input low drops
          1 software output drops
          0 hardware input drops
PFE Local Protocol statistics:
          0 hdlc keepalives
          0 atm oam
          0 fr lmi
     254655 ppp lcp/ncp
          0 ospf hello
          0 rsvp hello
     107220 isis iih
PFE Hardware Discard statistics:
          0 timeout
          0 truncated key
          0 bits to test
          0 data error
          0 stack underflow
          0 stack overflow
         100 normal discard
          0 extended discard
          0 invalid iif
          0 info cell drops
          0 fabric drops

Meaning

The sample output shows the number and rate of packets entering and leaving the Packet Forwarding Engine. For example, the 100 packets sent to R2 were discarded due to a route that had a discard next hop configured, as shown in the PFE Hardware Discard statistics field. All counters increased as a result of the 100 packets.