Tuesday 29 March 2011

JunOS "monitor traffic" to PCAP

I knocked up the following script to convert a JunOS "monitor traffic interface ..." output into a pcap file. You can generate a pcap directly from the shell on the Juniper but this was a quick and easy method our support and implementation guys could use.

Couple of caveats, if the L2 headers get stripped out the script will attempt to compensate and generate a temporary L2 header for the packet based on the type of traffic. If this happens then the script supports IPv4, IPv6 and MPLS.