Packet Capture Overview - Juniper J-Series Administration Manual

J-series
Services Router Administration Guide
Table 133: Packet Capture Terms

| Term | Definition |
|------|------------|
| interface sampling | Packet sampling method used by packet capture, in which entire IPv4 packets flowing in the input or output direction, or both directions, are captured for analysis. |
| libpcap | An implementation of the pcap application programming interface. libpcap may be used by a program to capture packets traveling over a network. |
| packet capture | 1. Packet sampling method available only on J-series routers, in which entire IPv4 packets flowing through a router are captured for analysis. Packets are captured in the Routing Engine and stored as libpcap-formatted files in the /var/tmp directory on the router. Packet capture files can be opened and analyzed offline with packet analyzers such as tcpdump or Ethereal. To avoid performance degradation on the router, implement packet capture with firewall filters that capture only selected packets. See also traffic sampling. 2. Packet sampling method available from the J-Web interface, for capturing the headers of packets destined for or originating from the Routing Engine. (See "Capturing and Viewing Packets with the J-Web Interface" on page 226). |
| packet loss priority (PLP) bit | Bit used to identify packets that have experienced congestion or are from a transmission that exceeded a service provider's customer service license agreement. This bit can be used as part of a router's congestion control mechanism and can be set by the interface or by a filter. |
| port mirroring | The process of sending a copy of a packet from the router to an external host address. For more information about port mirroring, see the JUNOS Policy Framework Configuration Guide. |
| tcpdump | A command line utility for debugging computer network problems. tcpdump allows the user to display the contents of TCP/IP and other packets captured on a network interface. On UNIX and most other operating systems, a user must have superuser privileges to use tcpdump due to its use of promiscuous mode. |
| traffic sampling | Packet sampling method in which the sampling key based on the IPv4 header is sent to the Routing Engine. There, the key is placed in a file, or cflowd packets based on the key are sent to a cflowd server for analysis. See also packet capture. |

Packet Capture Overview

Packet capture is used by network administrators and security engineers for the
following purposes:

- Monitor network traffic and analyze traffic patterns.
- Identify and troubleshoot network problems.
- Detect security breaches in the network, such as unauthorized intrusions, spyware
  activity, or ping scans.

Packet capture operates like traffic sampling on the Services Router, except that it
captures entire packets including the Layer 2 header rather than packet headers and
saves the contents to a file in the libpcap format. Packet capture also captures IP
fragments. Unlike traffic sampling, there are no tracing operations for packet capture.
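
The overview says capture files are written in libpcap format, keep the Layer 2 header, and include IP fragments. The following Python code is an added example, not taken from the Juniper guide: it parses the classic libpcap layout offline and flags IPv4 fragments and truncated records. The Ethernet link type and the sample frames and addresses are assumptions, constructed here for illustration.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4   # classic libpcap, microsecond timestamps
DLT_EN10MB = 1            # link-layer type: Ethernet (assumed for this example)

def parse_pcap(data):
    """Parse a classic libpcap byte string; return (linktype, packet list)."""
    for end in ("<", ">"):                      # file may be either byte order
        if struct.unpack_from(end + "I", data)[0] == PCAP_MAGIC:
            break
    else:
        raise ValueError("not a classic libpcap file")
    linktype = struct.unpack_from(end + "I", data, 20)[0]
    packets, off = [], 24                       # global header is 24 bytes
    while off + 16 <= len(data):
        ts, _, incl, orig = struct.unpack_from(end + "IIII", data, off)
        frame = data[off + 16: off + 16 + incl]
        if len(frame) < incl:
            raise ValueError("record cut short at offset %d" % off)
        off += 16 + incl
        pkt = {"ts": ts, "truncated": incl < orig, "ipv4": False, "fragment": False}
        # The Layer 2 header is in the file: Ethernet is 14 bytes, EtherType at 12..13
        if linktype == DLT_EN10MB and len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            flags_off = struct.unpack_from("!H", frame, 14 + 6)[0]
            pkt["ipv4"] = True
            pkt["src"] = ".".join(map(str, frame[26:30]))
            pkt["dst"] = ".".join(map(str, frame[30:34]))
            pkt["frag_offset"] = (flags_off & 0x1FFF) * 8   # in bytes
            pkt["fragment"] = bool(flags_off & 0x2000) or pkt["frag_offset"] > 0
        packets.append(pkt)
    return linktype, packets

def _frame(src, dst, flags_off, payload=b"\x00" * 8):
    """Constructed Ethernet + IPv4 frame (checksum left at 0; not validated here)."""
    eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, flags_off,
                     64, 17, 0, bytes(src), bytes(dst))
    return eth + ip + payload

def build_sample():
    """Constructed capture: one whole packet, then two fragments of another."""
    frames = [_frame((10, 0, 0, 1), (10, 0, 0, 2), 0x0000),
              _frame((10, 0, 0, 1), (10, 0, 0, 2), 0x2000),   # MF set, offset 0
              _frame((10, 0, 0, 1), (10, 0, 0, 2), 0x0001)]   # last fragment, offset 8
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, DLT_EN10MB)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1000 + i, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    link, pkts = parse_pcap(build_sample())
    for p in pkts:
        print(link, p)
```

To inspect a real capture, read the file copied from the router in binary mode and pass its bytes to parse_pcap; a link type other than Ethernet is returned but its frames are not decoded.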
