monitor security packet-drop
Syntax
monitor security packet-drop <source-prefix> <destination-prefix> <source-port> <destination-port> <ingress-interface-name> <protocol> <logical-system-name> <count-number>
Description
Displays the packet-drop information without committing the configuration, which allows you to trace and monitor the traffic flow. This command output is displayed on the screen until you press Ctrl+c or until the security device collects the requested number of packet drops. The command includes various filters to generate the output fields per your requirement.
You can save the packet pocket records to a file using the monitor security
packet-drop | append /var/log/filename.log command.
Options
| source-prefix |
Display the packet drop information for the given source IP or source prefix address. |
| destination-prefix | Display the packet drop information for the given destination IP or source prefix address. |
| source-port | Display the packet drop information for the given source port. |
| destination-port | Display the packet drop information for the given destination port. |
| ingress-interface-name | Display the packet drop information for the given ingress interface address. |
| protocol | Display the packet drop information for the given protocol number. |
| logical-system-name | Display the packet drop information for the logical system name. |
| count-number | Display the packet drop information for the given count. Range: 1 thru 8000 Default: 50 |
Required Privilege Level
view
Sample Output
monitor security packet-drop
When configuration is set to default IDP security policy, using the command
set security idp idp-policy IDP_Default rulebase-ips rule 1 then action
drop-packet, the following type of output is displayed for monitor
security packet-drop command.
user@host> monitor security packet-drop
Starting packet drop: 14:46:45.511471:LSYS-ID-00 4.0.0.1/19895-->5.0.0.1/1;icmp,ipid-0,ge-0/0/0.0,Dropped by IDP:IDP drop SLL packet
When configuration is set to drop connection action, the following type of output is displayed for monitor security packet-drop command.
user@host> monitor security packet-drop
Starting packet drop: 14:46:45.511471:LSYS-ID-00 4.0.0.1/19895-->5.0.0.1/1;icmp,ipid-0,ge-0/0/0.0,Dropped by IDP:Malformed IPV6 header in IPv4 tunnel 14:46:45.511471:LSYS-ID-00 4.0.0.1/19895-->5.0.0.1/1;icmp,ipid-0,ge-0/0/0.0,Dropped by IDP:Bad TCP headers
Output for packet drops independent of IPS policies.
user@host> monitor security packet-drop
Starting packet drop: 14:46:45.511471:LSYS-ID-00 4.0.0.1/19895-->5.0.0.1/1;icmp,ipid-0,ge-0/0/0.0,Dropped by IDP:IDP drop SLL packet 14:46:45.511471:LSYS-ID-00 4.0.0.1/19895-->5.0.0.1/1;icmp,ipid-0,ge-0/0/0.0,Dropped by IDP:Malformed IPV6 header in IPv4 tunnel 14:46:45.511471:LSYS-ID-00 4.0.0.1/19895-->5.0.0.1/1;icmp,ipid-0,ge-0/0/0.0,Dropped by IDP:Bad TCP headers 14:46:45.511471:LSYS-ID-00 4.0.0.1/19895-->5.0.0.1/1;icmp,ipid-0,ge-0/0/0.0,Dropped by IDP:Overflow drops 14:46:45.511471:LSYS-ID-00 4.0.0.1/19895-->5.0.0.1/1;icmp,ipid-0,ge-0/0/0.0,Dropped by IDP:Sequence number wrap around errors 14:46:45.511471:LSYS-ID-00 4.0.0.1/19895-->5.0.0.1/1;icmp,ipid-0,ge-0/0/0.0,Dropped by IDP:IDP Policy Initn failed 14:46:45.511471:LSYS-ID-00 4.0.0.1/19895-->5.0.0.1/1;icmp,ipid-0,ge-0/0/0.0,Dropped by IDP:Flow Rejected
user@host> monitor security packet-drop
Starting packet drop: 14:46:45.511471:LSYS-ID-00 4.0.0.1/19895-->5.0.0.1/1;icmp,ipid-0,ge-0/0/0.0,Dropped by IDP:IDP Rule Action Drop Packet ICMP:INFO:ECHO-REQUEST 14:46:45.511471:LSYS-ID-00 4.0.0.1/19895-->5.0.0.1/1;icmp,ipid-0,ge-0/0/0.0,Dropped by IDP:IDP Rule Action Close-Client-And-Server ICMP:INFO:ECHO-REQUEST 14:46:45.511471:LSYS-ID-00 4.0.0.1/19895-->5.0.0.1/1;icmp,ipid-0,ge-0/0/0.0,Dropped by IDP:IDP Rule Action Close-Server ICMP:INFO:ECHO-REQUEST 14:46:45.511471:LSYS-ID-00 4.0.0.1/19895-->5.0.0.1/1;icmp,ipid-0,ge-0/0/0.0,Dropped by IDP:IDP Rule Action Close-Client ICMP:INFO:ECHO-REQUEST
- monitor security packet-drop with filters
- monitor security packet-drop count 2
- monitor security packet-drop | append /var/log/abcd.log
- show log abcd.log
monitor security packet-drop with filters
user@host> monitor security packet-drop source-prefix 192.0.2.1 destination-prefix 192.151.100.1 proto icmp
14:46:45.511471:LSYS-ID-00 192.0.2.1/19895-->192.151.100.1/1;icmp,ipid-0,ge-0/0/0.0,Dropped by IDP:IDP Rule Action Close-Server ICMP:INFO:ECHO-REQUEST 14:46:45.511471:LSYS-ID-00 192.0.2.1/19895-->192.151.100.1/1;icmp,ipid-0,ge-0/0/0.0,Dropped by IDP:IDP Rule Action Close-Client ICMP:INFO:ECHO-REQUEST
monitor security packet-drop count 2
user@host> monitor security packet-drop count 2
14:46:45.511471:LSYS-ID-00 192.0.2.1/19895-->192.151.100.1/1;icmp,ipid-0,ge-0/0/0.0,Dropped by IDP:IDP Rule Action Close-Server ICMP:INFO:ECHO-REQUEST 14:46:45.511471:LSYS-ID-00 192.0.2.1/19895-->192.151.100.1/1;icmp,ipid-0,ge-0/0/0.0,Dropped by IDP:IDP Rule Action Close-Server ICMP:INFO:ECHO-REQUEST
monitor security packet-drop | append /var/log/abcd.log
user@host> monitor security packet-drop | append /var/log/abcd.log
^C[abort] Wrote 7 lines of output to '/var/log/abcd.log'
show log abcd.log
user@host> show log abcd.log
Starting packet drop: 07:35:36.742809:LSYS-ID-00 192.0.2.1/2198-->192.151.100.1/1;icmp,ipid-16088,ge-0/0/2.0,Dropped by POLICY:Denied by Policy: default-policy-logical-system-00 07:35:37.640858:LSYS-ID-00 192.0.2.1/2198-->192.151.100.1/2;icmp,ipid-52440,ge-0/0/2.0,Dropped by POLICY:Denied by Policy: default-policy-logical-system-00 07:35:38.665155:LSYS-ID-00 192.0.2.1/2198-->192.151.100.1/3;icmp,ipid-28633,ge-0/0/2.0,Dropped by POLICY:Denied by Policy: default-policy-logical-system-00 07:35:39.689185:LSYS-ID-00 192.0.2.1/2198-->192.151.100.1/4;icmp,ipid-47577,ge-0/0/2.0,Dropped by POLICY:Denied by Policy: default-policy-logical-system-00 07:35:40.712870:LSYS-ID-00 192.0.2.1/2198-->192.151.100.1/5;icmp,ipid-44762,ge-0/0/2.0,Dropped by POLICY:Denied by Policy: default-policy-logical-system-00 07:35:41.797742:LSYS-ID-00 192.0.2.1/2198-->192.151.100.1/6;icmp,ipid-16859,ge-0/0/2.0,Dropped by POLICY:Denied by Policy: default-policy-logical-system-00
Release Information
Command introduced in Junos OS Release 21.1R1.
Signature added to packet drop reason in Junos OS Release 21.2R2.