J-series™ Services Router Administration Guide

Table 133: Packet Capture Terms

| Term | Definition |
|---|---|
| interface sampling | Packet sampling method used by packet capture, in which entire IPv4 packets flowing in the input or output direction, or both directions, are captured for analysis. |
| libpcap | An implementation of the pcap application programming interface. libpcap may be used by a program to capture packets traveling over a network. |
| packet capture | 1. Packet sampling method available only on J-series routers, in which entire IPv4 packets flowing through a router are captured for analysis. Packets are captured in the Routing Engine and stored as libpcap-formatted files in the /var/tmp directory on the router. Packet capture files can be opened and analyzed offline with packet analyzers such as tcpdump or Ethereal. To avoid performance degradation on the router, implement packet capture with firewall filters that capture only selected packets. See also traffic sampling. 2. Packet sampling method available from the J-Web interface, for capturing the headers of packets destined for or originating from the Routing Engine. (See “Capturing and Viewing Packets with the J-Web Interface” on page 226.) |
| packet loss priority (PLP) bit | Bit used to identify packets that have experienced congestion or are from a transmission that exceeded a service provider's customer service license agreement. This bit can be used as part of a router's congestion control mechanism and can be set by the interface or by a filter. |
| port mirroring | The process of sending a copy of a packet from the router to an external host address. For more information about port mirroring, see the JUNOS Policy Framework Configuration Guide. |
| tcpdump | A command line utility for debugging computer network problems. tcpdump allows the user to display the contents of TCP/IP and other packets captured on a network interface. On UNIX and most other operating systems, a user must have superuser privileges to use tcpdump due to its use of promiscuous mode. |
| traffic sampling | Packet sampling method in which the sampling key based on the IPv4 header is sent to the Routing Engine. There, the key is placed in a file, or cflowd packets based on the key are sent to a cflowd server for analysis. See also packet capture. |

Packet Capture Overview

Packet capture is used by network administrators and security engineers for the following purposes:

- Monitor network traffic and analyze traffic patterns.
- Identify and troubleshoot network problems.
- Detect security breaches in the network, such as unauthorized intrusions, spyware activity, or ping scans.

Packet capture operates like traffic sampling on the Services Router, except that it captures entire packets, including the Layer 2 header, rather than only packet headers, and saves the contents to a file in the libpcap format. Packet capture also captures IP fragments. Unlike traffic sampling, packet capture has no tracing operations.
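
The following added example (not taken from this guide) reads a libpcap-format file of the kind packet capture writes, steps past the Layer 2 header, and reports IPv4 fragments and sources that sent ICMP echo requests to several hosts, as a ping scan would. It assumes Ethernet framing and the classic microsecond libpcap format; the function names and the sample capture are constructed for illustration.

```python
import struct
from collections import defaultdict

def read_pcap(data):
    """Yield (linktype, frame) for every record in a libpcap file image."""
    # The magic number tells us which byte order the writer used.
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None:
        raise ValueError("not a classic libpcap file")
    linktype = struct.unpack(end + "I", data[20:24])[0]
    off = 24                           # global header is 24 bytes
    while off + 16 <= len(data):       # each record header is 16 bytes
        caplen = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        yield linktype, data[off + 16:off + 16 + caplen]
        off += 16 + caplen

def summarize(data):
    """Return (IPv4 fragment count, {source: hosts sent an ICMP echo request})."""
    fragments, pinged = 0, defaultdict(set)
    for linktype, frame in read_pcap(data):
        # Link type 1 is Ethernet; EtherType 0x0800 is IPv4.
        if linktype != 1 or len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        ip = frame[14:]                # skip the 14-byte Layer 2 header
        ihl = (ip[0] & 0x0F) * 4
        if struct.unpack(">H", ip[6:8])[0] & 0x3FFF:   # MF flag or offset != 0
            fragments += 1
        elif ip[9] == 1 and len(ip) > ihl and ip[ihl] == 8:  # ICMP type 8
            pinged[ip[12:16]].add(ip[16:20])
    return fragments, {".".join(map(str, s)): len(d) for s, d in pinged.items()}

def _frame(src, dst, proto, frag, payload):
    """Build one constructed Ethernet + IPv4 frame (checksum left at zero)."""
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, frag,
                     64, proto, 0, bytes(src), bytes(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + payload

def sample_capture():
    """Constructed capture: one host pings three others, plus one UDP fragment."""
    echo = b"\x08\x00" + b"\x00" * 6
    frames = [_frame((10, 0, 0, 5), (10, 0, 0, n), 1, 0, echo) for n in (1, 2, 3)]
    frames.append(_frame((10, 0, 0, 9), (10, 0, 0, 1), 17, 0x2000, b"\x00" * 8))
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(summarize(sample_capture()))
```

To run it against a real capture, pass the bytes of the file to `summarize()` instead of the constructed sample.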
