Which three tools would you use to troubleshoot the issue?

monitor interface: Display real-time statistics about interfaces, updating the statistics every second. Check for and display common interface failures, such as SONET/SDH and T3 alarms, loopbacks detected, and increases in framing errors.

monitor traffic: With ‘monitor traffic’ command you can capture packet same as with TCPdump realtime in your session remote (console, ssh, telnet).

Not sure if A or C. Interface traffic will show me statistics, which won’t be very helpfull. Traffic interface otherwise will show me details about everything that is crossing that interface. I’d go with B,C and E.

E:

In the SRX, the primary method of capturing this information is through the “set security flow traceoptions basic-datapath”, and there is also the ability to filter only certain packets for advanced debugging using the “set security flow traceoptions packet-filter”.

B:

If the packet matches an existing session, then the SRX will not include all debugging information in that output. It will display the basics and refer to the session ID to cross reference. You can still examine the session table to track this session with the “show security flow session” command.

C:

Additionally, a monitored packet capture of ‘self-traffic’ only (e.g. Dynamic Routing Protocol messages, ARP, management traffic, ICMP to Routing Engine) can be done using the ‘monitor traffic interface’ command. This is supported on both SRX Branch and High-end SRX devices. For more information, see KB15779 – SRX Getting Started – Troubleshooting Commands.