Technical Documentation

Example: Sampling All Traffic from a Single IP Address

The following configuration gathers statistical information about every packet entering the router on a specific Gigabit Ethernet port originating from a single source IP address of 10.45.92.31, and collects it in a file named samples-10-45-92-31.txt.

Create the filter:

[edit firewall family inet]filter one-ip {term get-ip {from {source-address 10.45.92.31;}then {sample;accept;}}}

Apply the filter to the Gigabit Ethernet interface:

[edit interfaces]ge-4/1/1 {unit 0 {family inet {filter {input one-ip;}address 10.45.92.254;}}}

Finally, gather statistics on all the candidate samples; in this case, gather all statistics:

[edit forwarding-options]sampling {input {rate 1;}family inet {output {file {filename samples-215-45-92-31.txt;files 100;size 100k;}}}}

Published: 2010-04-15