IJOS-12a-guide_pdf / IJOS-12.a_LGD (Detailed Lab Guide).pdf

Introduction to the Junos Operating System

Part 2: Using Network Utilities and Monitoring Traffic

In this lab part, each team will use network utilities within the CLI and monitor local system traffic.

Step 2.1

Enter configuration mode and load the lab4-part2-start.config file from the /var/home/lab/ijos/ directory. Commit your configuration and return to operational mode when complete.

lab@srxA-1> configure
Entering configuration mode

[edit]
lab@srxA-1# load override ijos/lab4-part2-start.config
load complete

[edit]
lab@srxA-1# commit and-quit
commit complete
Exiting configuration mode

lab@srxA-1>

Step 2.2

Start a continuous ping to the server with a data size of 500 bytes. Refer to the management network diagram for the server’s IP address.

Note

If you are not receiving Internet Control Message Protocol (ICMP) echo replies from the server, notify your instructor.

lab@srxA-1> ping server address size 500
PING 10.210.14.130 (10.210.14.130): 500 data bytes
508 bytes from 10.210.14.130: icmp_seq=0 ttl=64 time=3.649 ms
508 bytes from 10.210.14.130: icmp_seq=1 ttl=64 time=2.509 ms
508 bytes from 10.210.14.130: icmp_seq=2 ttl=64 time=2.531 ms
508 bytes from 10.210.14.130: icmp_seq=3 ttl=64 time=2.803 ms
508 bytes from 10.210.14.130: icmp_seq=4 ttl=64 time=4.753 ms
508 bytes from 10.210.14.130: icmp_seq=5 ttl=64 time=2.495 ms
508 bytes from 10.210.14.130: icmp_seq=6 ttl=64 time=2.942 ms
...TRIMMED...

Lab 4–12 • Operational Monitoring and Maintenance (Detailed)

www.juniper.net

Question: Which command option do you use to make the ping continuous?

Answer: As shown in the sample output, you do not need an extra command option to make the ping continuous. Echo requests are sent continuously by default. You can use the count option to send a defined number of packets.

Note

You can stop the ping operation by using the Ctrl+c keystroke combination. You should, however, let the ping operation continue at this time for the subsequent monitoring step.

Step 2.3

Open a new terminal session to your team’s device. Use Telnet to access your system’s management IP address. If needed, refer to the management network diagram. Log in with the lab user account and the password provided by the instructor. You will use this separate terminal session to monitor ping traffic generation.

srxA-1 (ttyp0)

login: lab
Password:

--- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC
lab@srxA-1>

Step 2.4

Use the monitor traffic interface ge-0/0/0 command to begin monitoring the ge-0/0/0 management interface.

Note

You can stop the monitoring operation by using the Ctrl+c keystroke combination. You can also increase the capture size using the size option to avoid truncated packets.

lab@srxA-1> monitor traffic interface ge-0/0/0
verbose output suppressed, use <detail> or <extensive> for full protocol decode
Address resolution is ON. Use <no-resolve> to avoid any reverse lookup delay.
Address resolution timeout is 4s.
Listening on ge-0/0/0, capture size 96 bytes

Reverse lookup for 10.210.14.129 failed (check DNS reachability).
Other reverse lookup failures will not be reported.
Use <no-resolve> to avoid reverse lookups on IP addresses.

08:53:59.796502 In IP 10.210.14.129.35817 > 10.210.14.131.telnet: . ack 905541117 win 64422
08:53:59.796709 Out IP truncated-ip - 225 bytes missing! 10.210.14.131.telnet > 10.210.14.129.35817: P 1:246(245) ack 0 win 65535
08:54:00.005781 In IP 10.210.14.129.35817 > 10.210.14.131.telnet: . ack 246 win 64177
08:54:00.544439 Out IP truncated-ip - 24 bytes missing! 10.210.14.131 > 10.210.14.130: ICMP echo request, id 960, seq 148, length 64
08:54:00.546050 In IP 10.210.14.130 > 10.210.14.131: ICMP echo reply, id 960, seq 148, length 64
08:54:00.669325 Out IP truncated-ip - 162 bytes missing! 10.210.14.131.telnet > 10.210.14.129.35817: P 246:428(182) ack 0 win 65535
08:54:00.938021 In IP 10.210.14.129.35817 > 10.210.14.131.telnet: . ack 428 win 63995
08:54:00.938237 Out IP truncated-ip - 526 bytes missing! 10.210.14.131.telnet > 10.210.14.129.35817: P 428:974(546) ack 0 win 65535
08:54:01.147138 In IP 10.210.14.129.35817 > 10.210.14.131.telnet: . ack 974 win 64512
...TRIMMED...

Question: Does the capture display ICMP traffic?

Answer: Yes, you should see ICMP echoes and replies from your ping operation, amongst other traffic.

Question: How can you filter the output to show only the ICMP traffic?

Answer: Use the matching option to filter by header information in the output:

lab@srxA-1> monitor traffic interface ge-0/0/0 matching icmp
verbose output suppressed, use <detail> or <extensive> for full protocol decode
Address resolution is ON. Use <no-resolve> to avoid any reverse lookup delay.
Address resolution timeout is 4s.
Listening on ge-0/0/0, capture size 96 bytes

Reverse lookup for 10.210.14.131 failed (check DNS reachability).
Other reverse lookup failures will not be reported.
Use <no-resolve> to avoid reverse lookups on IP addresses.

09:22:00.996124 Out IP truncated-ip - 24 bytes missing! 10.210.14.131 > 10.210.14.130: ICMP echo request, id 960, seq 1809, length 64
09:22:00.998011 In IP 10.210.14.130 > 10.210.14.131: ICMP echo reply, id 960, seq 1809, length 64
09:22:02.008405 Out IP truncated-ip - 24 bytes missing! 10.210.14.131 > 10.210.14.130: ICMP echo request, id 960, seq 1810, length 64
09:22:02.019011 In IP 10.210.14.130 > 10.210.14.131: ICMP echo reply, id 960, seq 1810, length 64
09:22:03.020109 Out IP truncated-ip - 24 bytes missing! 10.210.14.131 > 10.210.14.130: ICMP echo request, id 960, seq 1811, length 64
09:22:03.030094 In IP 10.210.14.130 > 10.210.14.131: ICMP echo reply, id 960, seq 1811, length 64
^C
18 packets received by filter
0 packets dropped by kernel

lab@srxA-1>
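The filtered capture can also be checked offline once it is saved as text. The following Python sketch is an added example, not part of the lab guide: it pairs each ICMP echo request with its reply by address, id and seq, reports the round-trip time in microseconds, lists requests that were never answered, and counts packets the 96-byte capture size truncated. The function name analyze and the fourth, unanswered request in the sample are constructed for illustration.

```python
import re

# Three request/reply pairs copied from the capture above (wrapped lines
# rejoined), plus one CONSTRUCTED request (seq 1812) that has no reply.
SAMPLE = """\
09:22:00.996124 Out IP truncated-ip - 24 bytes missing! 10.210.14.131 > 10.210.14.130: ICMP echo request, id 960, seq 1809, length 64
09:22:00.998011 In IP 10.210.14.130 > 10.210.14.131: ICMP echo reply, id 960, seq 1809, length 64
09:22:02.008405 Out IP truncated-ip - 24 bytes missing! 10.210.14.131 > 10.210.14.130: ICMP echo request, id 960, seq 1810, length 64
09:22:02.019011 In IP 10.210.14.130 > 10.210.14.131: ICMP echo reply, id 960, seq 1810, length 64
09:22:03.020109 Out IP truncated-ip - 24 bytes missing! 10.210.14.131 > 10.210.14.130: ICMP echo request, id 960, seq 1811, length 64
09:22:03.030094 In IP 10.210.14.130 > 10.210.14.131: ICMP echo reply, id 960, seq 1811, length 64
09:22:04.031200 Out IP truncated-ip - 24 bytes missing! 10.210.14.131 > 10.210.14.130: ICMP echo request, id 960, seq 1812, length 64
"""

LINE = re.compile(
    r"^(\d\d):(\d\d):(\d\d)\.(\d{6})\s+(In|Out)\s+IP\s+"
    r"(?:truncated-ip - (\d+) bytes missing!\s+)?"
    r"(\S+) > (\S+): ICMP echo (request|reply), id (\d+), seq (\d+)"
)


def analyze(text):
    """Return (rtt in microseconds by seq, unanswered seqs, truncated packet count)."""
    pending, rtts, truncated = {}, {}, 0
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # banner lines and non-ICMP packets are skipped
        h, mi, s, us, _direction, missing, src, dst, kind, ident, seq = m.groups()
        # Integer microseconds since midnight; the capture carries no date.
        stamp = ((int(h) * 60 + int(mi)) * 60 + int(s)) * 1_000_000 + int(us)
        if missing is not None:
            truncated += 1
        if kind == "request":
            pending[(src, dst, ident, seq)] = stamp
        else:
            # A reply matches the request with source and destination swapped.
            sent = pending.pop((dst, src, ident, seq), None)
            if sent is not None:
                rtts[int(seq)] = stamp - sent
    unanswered = sorted(int(key[3]) for key in pending)
    return rtts, unanswered, truncated


if __name__ == "__main__":
    print(analyze(SAMPLE))
```

A non-zero truncated count is the cue to rerun the capture with the size option mentioned in Step 2.4 when the full payload is needed.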

Question: What command option allows you to view source and destination MAC addresses for the captured packets?

Answer: Include the layer2-headers option to view Layer 2 header information, including the source and destination MAC addresses as shown:

lab@srxA-1> monitor traffic interface ge-0/0/0 matching icmp layer2-headers
verbose output suppressed, use <detail> or <extensive> for full protocol decode
Address resolution is ON. Use <no-resolve> to avoid any reverse lookup delay.
Address resolution timeout is 4s.
Listening on ge-0/0/0, capture size 96 bytes
