Juniper J-Series Administration Manual page 287

Name (tools-server:user):remoteuser
331 Password required for remoteuser.
Password:
230 User remoteuser logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
Navigate to the directory where packet capture files are stored on the router:
2.
ftp> lcd /var/tmp
Local directory now /cf/var/tmp
Copy the packet capture file that you want to analyze—for example,
3.
, to the server:
126b.fe-0.0.1
ftp> put 126b.fe-0.0.1
local: 126b.fe-0.0.1 remote: 126b.fe-0.0.1
200 PORT command successful.
150 Opening BINARY mode data connection for '126b.fe-0.0.1'.
100% 1476 00:00 ETA
226 Transfer complete.
1476 bytes sent in 0.01 seconds (142.42 KB/s)
Return to the CLI configuration mode:
4.
ftp> bye
221 Goodbye.
[edit]
user@host#
Open the packet capture file on the server with tcpdump or any packet analyzer
that supports libpcap format.
root@server% tcpdump -r 126b.fe-0.0.1 -xevvvv
01:12:36.279769 Out 0:5:85:c4:e3:d1 > 0:5:85:c8:f6:d1, ethertype IPv4 (0x0800),
length 98: (tos 0x0, ttl
length: 84) 14.1.1.1 > 15.1.1.1: ICMP echo request seq 0, length 64
01:12:36.279793 Out 0:5:85:c8:f6:d1 > 0:5:85:c4:e3:d1, ethertype IPv4 (0x0800),
length 98: (tos 0x0, ttl
length: 84) 15.1.1.1 > 14.1.1.1: ICMP echo reply seq 0, length 64
root@server%
Chapter 13: Configuring Packet Capture
64, id 33133, offset 0, flags [none], proto: ICMP (1),
0005 85c8 f6d1 0005 85c4 e3d1 0800 4500
0054 816d 0000 4001 da38 0e01 0101 0f01
0101 0800 3c5a 981e 0000 8b5d 4543 51e6
0100 aaaa aaaa aaaa aaaa aaaa aaaa aaaa
aaaa aaaa 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000
63, id 41227, offset 0, flags [none], proto: ICMP (1),
0005 85c4 e3d1 0005 85c8 f6d1 0800 4500
0054 a10b 0000 3f01 bb9a 0f01 0101 0e01
0101 0000 445a 981e 0000 8b5d 4543 51e6
0100 aaaa aaaa aaaa aaaa aaaa aaaa aaaa
aaaa aaaa 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000
Verifying Captured Packets
265