Difference between revisions of "Monitor traffic (command)"

From VyOS Wiki
m (Added category)
m (Cbrjack moved page Interface monitoring to Monitor interfaces (command): Standardization)

Revision as of 02:42, 27 March 2017

The "monitor interfaces" command allows you to monitor the traffic going across an interface. It is a wrapper around tcpdump.

Syntax

monitor interfaces <ethernet ethX> traffic

You can also modify the output using the different commands available:

monitor interfaces <ethernet ethX> traffic
  detail        Monitor detailed traffic for the specified ethernet interface
  filter        Monitor filtered traffic for the specified ethernet interface
  save          Save monitored traffic to a file
  unlimited     Monitor traffic for the specified ethernet interface

The filter expression uses the same syntax as tcpdump and must be enclosed in quotation marks.


Example

To capture all traffic flowing across eth0:

vyos@router:~$ monitor interfaces ethernet eth0 traffic
Capturing traffic on eth0 ...
  0.000000  192.168.1.20 -> 162.254.193.6 UDP Source port: 60420  Destination port: 27021
  0.000086  174.33.65.84 -> 162.254.193.6 UDP Source port: 60420  Destination port: 27021
  0.537777 108.161.147.23 -> 174.33.65.84  UDP Source port: 7351  Destination port: 44488
  0.537864 108.161.147.23 -> 192.168.1.205 UDP Source port: 7351  Destination port: 44488
  0.538615   192.168.1.1 -> 192.168.1.20  TCP 10022 > 63629 [PSH, ACK] Seq=1 Ack=1 Win=260 Len=308
[...]

Applying a filter to the output:

vyos@router:~$ monitor interfaces ethernet eth0 traffic filter "host not 192.168.1.20"
Capturing traffic on eth0 ...
  0.000000 192.168.1.225 -> 216.113.27.12 ICMP Echo (ping) request
  0.000074  174.33.65.84 -> 216.113.27.12 ICMP Echo (ping) request
  0.000106 192.168.1.225 -> 8.8.8.8      ICMP Echo (ping) request
  0.000125  174.33.65.84 -> 8.8.8.8      ICMP Echo (ping) request
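
When a capture like the ones above is reviewed during troubleshooting or triage, it helps to turn the printed lines into records. The following Python parser is an added example, not part of the wiki page or of VyOS; the line layout is assumed from the sample output shown here and may differ between versions, and the function names are illustrative.

```python
import re
from collections import Counter

# Lines copied from the example output on this page (banner and "[...]" included).
SAMPLE = """\
Capturing traffic on eth0 ...
  0.000000  192.168.1.20 -> 162.254.193.6 UDP Source port: 60420  Destination port: 27021
  0.000086  174.33.65.84 -> 162.254.193.6 UDP Source port: 60420  Destination port: 27021
  0.537777 108.161.147.23 -> 174.33.65.84  UDP Source port: 7351  Destination port: 44488
  0.537864 108.161.147.23 -> 192.168.1.205 UDP Source port: 7351  Destination port: 44488
  0.538615   192.168.1.1 -> 192.168.1.20  TCP 10022 > 63629 [PSH, ACK] Seq=1 Ack=1 Win=260 Len=308
  0.000000 192.168.1.225 -> 216.113.27.12 ICMP Echo (ping) request
[...]
"""

# Layout assumed from the sample: time, source, "->", destination, protocol, info.
LINE = re.compile(r"^\s*(?P<time>\d+\.\d+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
                  r"\s+(?P<proto>\S+)\s+(?P<info>.*)$")
PORTS = {
    "UDP": re.compile(r"Source port:\s*(\d+)\s+Destination port:\s*(\d+)"),
    "TCP": re.compile(r"^(\d+)\s*>\s*(\d+)"),
}

def parse_line(line):
    """Return a dict for one packet line, or None for banners and elisions."""
    m = LINE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["time"] = float(rec["time"])
    rec["sport"] = rec["dport"] = None
    ports = PORTS.get(rec["proto"])
    pm = ports.search(rec["info"]) if ports else None
    if pm:
        rec["sport"], rec["dport"] = int(pm.group(1)), int(pm.group(2))
    return rec

def parse_capture(text):
    """Parse every packet line in a captured session, skipping non-packet lines."""
    return [r for r in map(parse_line, text.splitlines()) if r is not None]

def flow_counts(records):
    """Count packets per (src, dst, proto, dport) to spot the busiest flows."""
    return Counter((r["src"], r["dst"], r["proto"], r["dport"]) for r in records)

if __name__ == "__main__":
    for flow, n in flow_counts(parse_capture(SAMPLE)).most_common():
        print(n, *flow)
```
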