You are troubleshooting an SRX240 acting as a NAT translator for transit traffic. Traffic is
dropping at the SRX240 in your network. Which three tools would you use to troubleshoot
the issue? (Choose three.)
A. monitor interface traffic
B. show security flow session
C. monitor traffic interface
D. debug flow basic
E. security flow traceoptions
ABE
BCE
https://www.juniper.net/documentation/en_US/junos14.2/topics/reference/command-summary/monitor-traffic.html
https://kb.juniper.net/InfoCenter/index?page=content&id=KB16385&actp=search
BCE
user@host> monitor interface so-0/0/0
router1 Seconds: 19 Time: 15:46:29
Interface: so-0/0/0, Enabled, Link is Up
Encapsulation: PPP, Keepalives, Speed: OC48
Traffic statistics: Current Delta
Input packets: 6045 (0 pps) [11]
Input bytes: 6290065 (0 bps) [13882]
Output packets: 10376 (0 pps) [10]
Output bytes: 10365540 (0 bps) [9418]
Encapsulation statistics:
Input keepalives: 1901 [2]
Output keepalives: 1901 [2]
NCP state: Opened
LCP state: Opened
Error statistics:
user@host> monitor traffic matching "net 192.168.1.0/24"
verbose output suppressed, use or for full protocol decode
Address resolution is ON. Use to avoid any reverse lookup delay.
Address resolution timeout is 4s.
Listening on fxp0, capture size 96 bytes
Reverse lookup for 192.168.1.255 failed (check DNS reachability).
Other reverse lookup failures will not be reported.
Use no-resolve to avoid reverse lookups on IP addresses.
21:55:54.003511 In IP truncated-ip - 18 bytes missing!
192.168.1.17.netbios-ns > 192.168.1.255.netbios-ns: UDP, length 50
21:55:54.003585 Out IP truncated-ip - 18 bytes missing!
192.168.1.17.netbios-ns > 192.168.1.255.netbios-ns: UDP, length 50
21:55:54.003864 In arp who-has 192.168.1.17 tell 192.168.1.9
A question already mentions that the box is dropping, so no need to look for traffic at the interface.
D there is no such command
BCE correct
ABE
I think C is wrong since monitor traffic interface is used to capture only self-generated traffic, while the question asks about transient.
The entire point of this question is to see if you understand the difference between “monitor traffic interface” and “monitor interface traffic”. They both have a purpose and look very similar.
“monitor traffic interface” runs a packet capture, but this only shows traffic to/from the routing-engine, not transit traffic. That’s why the word “transit traffic” is used explicitly in the question.
“monitor interface traffic” will show you some usage data/counters on all interfaces; it could potentially be helpful for seeing a transit traffic issue, though often it won’t be of much use.