My Network Lab: March 2021

Juniper delivers advanced security requirements with the SRX Series Services Gateways. These next-generation firewalls adapt as new threats emerge. They use information from the Juniper Advanced Threat Prevention cloud-based service and third-party GeoIP feeds to block malicious activities as they enter or traverse the network.

Monitoring System Operation

You can monitor most system related information using the show system <ARGUMENT> commands.

jadmin@JR-1> show system ?

Possible completions:

alarms Show system alarm status

audit Show file system MD5 hash and permissions

boot-messages Show boot time messages

buffers Show buffer statistics

certificate Show installed X509 certificates

commit Show pending commit requests (if any) and commit history

configuration Show configuration information

connections Show system connection activity

core-dumps Show system core files

directory-usage Show local directory information

memory Show system memory usage

processes Show system process table

queues Show queue statistics

reboot Show any pending halt or reboot requests

resource-cleanup Show resource cleanup information

rollback Show rolled back configuration

services Show service applications information

snapshot Show snapshot information

software Show loaded JUNOS extensions

statistics Show statistics for protocol

storage Show local storage data

subscriber-management Show Subscriber management information

uptime Show time since system and processes started

users Show users who are currently logged in

virtual-memory Show kernel dynamic memory usage

jadmin@JR-1> show system alarms

No alarms currently active

jadmin@JR-1> show system boot-messages

JUNOS 12.1R1.9 #0: 2012-03-24 12:52:33 UTC

builder@greteth:/volume/build/junos/12.1/release/12.1R1.9/obj-i386/junos/bsd

/kernels/JUNIPER/kernel

Timecounter "i8254" frequency 1193182 Hz quality 0

CPU: Intel(R) Core(TM) i7-6600U CPU @ 2.60GHz (2813.63-MHz 686-class CPU)

Origin = "GenuineIntel" Id = 0x406e3 Stepping = 3

Features=0x1783fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,C

MOV,PAT,PSE36,MMX,FXSR,SSE,SSE2,HTT>

Features2=0x56da220b<SSE3,<b1>,MON,SSSE3,CX16,<b17>,SSE4.1,SSE4.2,MOVBE,POPCNT

,<b25>,XSAVE,<b28>,<b30>>

AMD Features=0x28100800<SYSCALL,NX,RDTSCP,LM>

AMD Features2=0x121<LAHF,ABM,Prefetch>

real memory = 536805376 (511 MB)

avail memory = 511856640 (488 MB)

pnpbios: Bad PnP BIOS data checksum

Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)

Security policy loaded: JUNOS MAC/pcap (mac_pcap)

Initializing M/T platform properties ..

cpu0 on motherboard

pcib0: <Host to PCI bridge> pcibus 0 on motherboard

pir0: <PCI Interrupt Routing Table: 30 Entries> on motherboard

pci0: <PCI bus> on pcib0

Correcting Natoma config for non-SMP

isab0: <PCI-ISA bridge> at device 1.0 on pci0

isa0: <ISA bus> on isab0

atapci0: <Intel PIIX4 UDMA33 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x37

6,0xd000-0xd00f at device 1.1 on pci0

ata0: <ATA channel 0> on atapci0

ata1: <ATA channel 1> on atapci0

pci0: <display, VGA> at device 2.0 (no driver attached)

em0: <Intel(R) PRO/1000 Network Connection Version - 3.2.18> port 0xd010-0xd017

mem 0xf0000000-0xf001ffff irq 9 at device 3.0 on pci0

em0: Memory Access and/or Bus Master bits were not set!

pci0: <base peripheral> at device 4.0 (no driver attached)

pci0: <multimedia, audio> at device 5.0 (no driver attached)

smb0: <Intel 82371AB SMB controller> irq 9 at device 7.0 on pci0

orm0: <ISA Option ROM> at iomem 0xc0000-0xc7fff on isa0

atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0

atkbd0: <AT Keyboard> irq 1 on atkbdc0

kbd0 at atkbd0

psm0: <PS/2 Mouse> irq 12 on atkbdc0

psm0: model IntelliMouse Explorer, device ID 4

vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0

sc0: <System console> at flags 0x100 on isa0

sc0: VGA <16 virtual consoles, flags=0x100>

sio0 at port 0x3f8-0x3ff irq 4 flags 0x90 on isa0

sio0: type 16550A, console

sio1: configured irq 5 not in bitmap of probed irqs 0

sio1: port may not be enabled

sio2: configured irq 3 not in bitmap of probed irqs 0

sio2: port may not be enabled

sio3: configured irq 7 not in bitmap of probed irqs 0

sio3: port may not be enabled

Initializing product: 1 ..

Setting up M/T interface operations and attributes

bmeb: bmeb_lib_init done 0xc273c800, addr 0xc0dc5b00

em0: bus=0, device=3, func=0, Ethernet address 08:00:27:a6:33:e8

Timecounter "TSC" frequency 2813628674 Hz quality 800

###PCB Group initialized for udppcbgroup

###PCB Group initialized for tcppcbgroup

ad0: Device does not support APM

ad0: 5120MB <VBOX HARDDISK 1.0> at ata0-master UDMA33

Trying to mount root from ufs:/dev/ad0s1a

jadmin@JR-1> show system connections

Active Internet connections (including servers)

Proto Recv-Q Send-Q Local Address Foreign Addr

ss (state)

tcp4 0 3 10.1.1.1.23 10.1.1.10.23

74 ESTABLISHED

tcp4 0 0 10.1.1.1.23 10.1.1.10.33

29 ESTABLISHED

tcp4 0 0 10.1.1.1.23 10.1.1.10.63

14 ESTABLISHED

tcp4 0 0 *.23 *.*

LISTEN

tcp4 0 0 *.22 *.*

LISTEN

tcp4 0 0 *.6156 *.*

LISTEN

tcp4 0 0 *.666 *.*

LISTEN

tcp4 0 0 128.0.0.4.9000 128.0.0.4.52

79 ESTABLISHED

tcp4 0 0 128.0.0.4.52679 128.0.0.4.90

0 ESTABLISHED

tcp4 0 0 *.6161 *.*

LISTEN

tcp4 0 0 *.38 *.*

LISTEN

tcp4 0 0 *.7000 *.*

LISTEN

tcp4 0 0 *.6151 *.*

LISTEN

tcp4 0 0 *.31343 *.*

LISTEN

tcp4 0 0 *.31341 *.*

LISTEN

tcp4 0 0 *.51627 *.*

LISTEN

tcp4 0 0 *.9000 *.*

LISTEN

tcp4 0 0 *.6152 *.*

LISTEN

tcp4 0 0 *.32003 *.*

LISTEN

tcp4 0 0 *.514 *.*

LISTEN

tcp4 0 0 *.513 *.*

LISTEN

tcp4 0 0 *.10798 *.*

LISTEN

tcp4 0 0 *.6234 *.*

LISTEN

udp4 0 0 *.123 *.*

udp46 0 0 *.514 *.*

udp4 0 0 *.514 *.*

udp4 0 0 *.31340 *.*

udp46 0 0 *.49152 *.*

udp46 0 0 *.4784 *.*

udp46 0 0 *.3784 *.*

udp4 0 0 *.49152 *.*

udp4 0 0 *.4784 *.*

udp4 0 0 *.3784 *.*

udp4 0 0 *.49153 *.*

udp4 0 0 *.3503 *.*

udp4 0 0 *.31342 *.*

udp46 0 0 *.65350 *.*

udp4 0 0 *.61859 *.*

udp4 0 0 *.6333 *.*

ip4 0 0 *.* *.*

jadmin@JR-1> show system statistics

Tcp:

23578 packets sent

22234 data packets (1296515 bytes)

38 data packets retransmitted (2444 bytes)

0 resends initiated by MTU discovery

1288 ack only packets (1120 packets delayed)

0 URG only packets

0 window probe packets

0 window update packets

65 control packets

30799 packets received

22100 acks(for 1296344 bytes)

193 duplicate acks

0 acks for unsent data

21455 packets received in-sequence(58994 bytes)

81 completely duplicate packets(0 bytes)

0 old duplicate packets

0 packets with some duplicate data(0 bytes duped)

0 out-of-order packets(0 bytes)

0 packets of data after window(0 bytes)

0 window probes

1 window update packets

0 packets received after close

0 discarded for bad checksums

0 discarded for bad header offset fields

0 discarded because packet too short

9 connection requests

49 connection accepts

0 bad connection attempts

0 listen queue overflows

51 connections established (including accepts)

93 connections closed (including 20 drops)

43 connections updated cached RTT on close

43 connections updated cached RTT variance on close

6 connections updated cached ssthresh on close

0 embryonic connections dropped

22041 segments updated rtt(of 22053 attempts)

48 retransmit timeouts

4 connections dropped by retransmit timeout

0 persist timeouts

0 connections dropped by persist timeout

232 keepalive timeouts

216 keepalive probes sent

16 connections dropped by keepalive

4197 correct ACK header predictions

8425 correct data packet header predictions

49 syncache entries added

0 retransmitted

0 dupsyn

0 dropped

49 completed

0 bucket overflow

0 cache overflow

0 reset

0 stale

0 aborted

0 badack

0 unreach

0 zone failures

0 cookies sent

0 cookies received

0 SACK recovery episodes

0 segment retransmits in SACK recovery episodes

0 byte retransmits in SACK recovery episodes

0 SACK options (SACK blocks) received

0 SACK options (SACK blocks) sent

0 SACK scoreboard overflow

0 ACKs sent in response to in-window but not exact RSTs

0 ACKs sent in response to in-window SYNs on established connections

0 rcv packets dropped by TCP due to bad address

0 out-of-sequence segment drops due to insufficient memory

47 RST packets

0 ICMP packets ignored by TCP

0 send packets dropped by TCP due to auth errors

0 rcv packets dropped by TCP due to auth errors

0 outgoing segments dropped due to policing

udp:

48792 datagrams received

0 with incomplete header

0 with bad data length field

0 with bad checksum

48778 dropped due to no socket

48776 broadcast/multicast datagrams dropped due to no socket

0 dropped due to full socket buffers

0 not for hashed pcb

4294918534 delivered

436 datagrams output

ip:

80584 total packets received

0 bad header checksums

0 with size smaller than minimum

0 with data size < data length

0 with header length < data size

0 with data length < header length

0 with incorrect version number

0 packets destined to dead next hop

---(more 19%)---

jadmin@JR-1> show system storage

Filesystem Size Used Avail Capacity Mounted on

/dev/ad0s1a 1008M 256M 671M 28% /

devfs 1.0K 1.0K 0B 100% /dev

/dev/md0 41M 41M 0B 100% /packages/mnt/jbas

/dev/md1 18M 18M 0B 100% /packages/mnt/jker

nel-12.1R1.9

/dev/md2 16M 16M 0B 100% /packages/mnt/jpfe

-M40-12.1R1.9

/dev/md3 5.0M 5.0M 0B 100% /packages/mnt/jdoc

s-12.1R1.9

/dev/md4 78M 78M 0B 100% /packages/mnt/jrou

te-12.1R1.9

/dev/md5 28M 28M 0B 100% /packages/mnt/jcry

pto-12.1R1.9

/dev/md6 46M 46M 0B 100% /packages/mnt/jpfe

-common-12.1R1.9

/dev/md7 388M 388M 0B 100% /packages/mnt/jrun

time-12.1R1.9

/dev/md8 1007M 10.0K 926M 0% /tmp

/dev/md9 1007M 508K 926M 0% /mfs

/dev/ad0s1e 197M 12K 181M 0% /config

procfs 4.0K 4.0K 0B 100% /proc

/dev/ad0s1f 2.8G 36M 2.5G 1% /var

Monitoring the Chassis

You can monitor the chassis related info using the show chassis <ARGUMENT> commands.

jadmin@JR-1> show chassis ?

Possible completions:

alarms Show alarm status

craft-interface Show craft interface status

environment Show component status and temperature, cooling system speeds

firmware Show firmware and operating system version for components

fpc Show Flexible PIC Concentrator status

hardware Show installed hardware components

location Show physical location of chassis

mac-addresses Show media access control addresses

pic Show Physical Interface Card state, type, and uptime

routing-engine Show Routing Engine status

temperature-thresholds Show chassis temperature threshold settings

jadmin@JR-1> show chassis alarms

No alarms currently active

Monitoring the Interface

You can use the show interfaces command to verify details and status on an interface. Use the specific interface-name (i.e ge, lo, etc) to filter output in the specified interface.

jadmin@JR-1> show interfaces ?

Possible completions:

<[Enter]> Execute this command

<interface-name> Name of physical or logical interface

cbp0

demux0

dsc

em0

em0.0

gre

ipip

irb

lo0

lo0.16384

lo0.16385

lsi

mtun

pimd

pime

pip0

pp0

tap

brief Display brief output

controller Show controller information

descriptions Display interface description strings

destination-class Show statistics for destination class

detail Display detailed output

diagnostics Show interface diagnostics information

extensive Display extensive output

far-end-interval Show far end interval statistics

filters Show interface filters information

interface-set Show interface set information

interval Show interval statistics

load-balancing Show load-balancing status

mac-database Show media access control database information

mc-ae Show MC-AE configured interface information

media Display media information

policers Show interface policers information

queue Show queue statistics for this interface

redundancy Show redundancy status

routing Show routing status

routing-instance Name of routing instance

snmp-index SNMP index of interface

source-class Show statistics for source class

statistics Display statistics and detailed output

terse Display terse output

| Pipe through a command

jadmin@JR-1> show interfaces em0

Physical interface: em0, Enabled, Physical link is Up

Interface index: 8, SNMP ifIndex: 17

Type: Ethernet, Link-level type: Ethernet, MTU: 1514, Speed: 1000mbps

Device flags : Present Running

Interface flags: SNMP-Traps

Link type : Full-Duplex

Current address: 08:00:27:a6:33:e8, Hardware address: 08:00:27:a6:33:e8

Last flapped : 2020-10-18 08:01:54 SGT (00:16:06 ago)

Input packets : 54721

Output packets: 18948

Logical interface em0.0 (Index 69) (SNMP ifIndex 18)

Flags: SNMP-Traps Encapsulation: ENET2

Input packets : 27187

Output packets: 11386

Protocol inet, MTU: 1500

Flags: Sendbcast-pkt-to-re, Is-Primary

Addresses, Flags: Is-Default Is-Preferred Is-Primary

Destination: 10.1.1/24, Local: 10.1.1.1, Broadcast: 10.1.1.255

You can use the show interfaces terse command to quickly verify the physical (Admin) and Logical (Link) state of all installed interfaces as well as the Protocol (inet for IPv4 and inet6 for IPv6) and Local address. This is similar to Cisco's show ip interface brief command.

jadmin@JR-1> show interfaces terse

Interface Admin Link Proto Local Remote

cbp0 up up

demux0 up up

dsc up up

em0 up up

em0.0 up up inet 10.1.1.1/24

gre up up

ipip up up

irb up up

lo0 up up

lo0.16384 up up inet 127.0.0.1 --> 0/0

lo0.16385 up up inet 128.0.0.4 --> 0/0

inet6 fe80::a00:270f:fca6:33e8

lsi up up

mtun up up

pimd up up

pime up up

pip0 up up

pp0 up up

tap up up

You can use the show interfaces <INTERFACE-NAME> extensive command to view detailed info of a specific interface, which includes interface statistics and errors.

jadmin@JR-1> show interfaces em0 extensive

Physical interface: em0, Enabled, Physical link is Up

Interface index: 8, SNMP ifIndex: 17, Generation: 129

Type: Ethernet, Link-level type: Ethernet, MTU: 1514, Clocking: Unspecified,

Speed: 1000mbps

Device flags : Present Running

Interface flags: SNMP-Traps

Link type : Full-Duplex

Physical info : Unspecified

Hold-times : Up 0 ms, Down 0 ms

Current address: 08:00:27:a6:33:e8, Hardware address: 08:00:27:a6:33:e8

Alternate link address: Unspecified

Last flapped : 2020-10-18 08:01:54 SGT (00:21:58 ago)

Statistics last cleared: 2020-10-12 18:02:52 SGT (5d 14:21 ago)

Traffic statistics:

Input bytes : 4573369

Output bytes : 2042507

Input packets: 54889

Output packets: 19004

IPv6 transit statistics:

Input bytes : 0

Output bytes : 0

Input packets: 0

Output packets: 0

Input errors:

Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Giants: 0,

Policed discards: 0, Resource errors: 0

Output errors:

Carrier transitions: 0, Errors: 0, Drops: 0, MTU errors: 0,

Resource errors: 0

Logical interface em0.0 (Index 69) (SNMP ifIndex 18) (Generation 137)

Flags: SNMP-Traps Encapsulation: ENET2

Traffic statistics:

Input bytes : 2082264

Output bytes : 1511350

Input packets: 27355

Output packets: 11442

Local statistics:

Input bytes : 2082264

Output bytes : 1511350

Input packets: 27355

Output packets: 11442

Protocol inet, MTU: 1500, Generation: 147, Route table: 0

Flags: Sendbcast-pkt-to-re, Is-Primary

Addresses, Flags: Is-Default Is-Preferred Is-Primary

Destination: 10.1.1/24, Local: 10.1.1.1, Broadcast: 10.1.1.255,

Generation: 146

You can use the monitor interface <INTERFACE-NAME> command to view real-time traffic counters and display errors or alarm conditions.

jadmin@JR-1> monitor interface em0

JR-1 Seconds: 4 Time: 08:27:17

Delay: 0/0/0

Interface: em0, Enabled, Link is Up

Encapsulation: Ethernet, Speed: 1000mbps

Traffic statistics: Current delta

Input bytes: 4582256 [384]

Output bytes: 2051424 [4630]

Input packets: 54995 [6]

Output packets: 19039 [6]

Error statistics:

Input errors: 0 [0]

Input drops: 0 [0]

Input framing errors: 0 [0]

Carrier transitions: 0 [0]

Output errors: 0 [0]

Output drops: 0 [0]

Next='n', Quit='q' or ESC, Freeze='f', Thaw='t', Clear='c', Interface='i'

Ping and Traceroute Utilities

The Junos OS sends continuous pings by default and you can stop the operation with a Ctrl+c keys. You can specify the number of ICMP echo request using the count keyword.

jadmin@JR-1> ping 10.1.1.10

PING 10.1.1.10 (10.1.1.10): 56 data bytes

64 bytes from 10.1.1.10: icmp_seq=0 ttl=128 time=2.204 ms

64 bytes from 10.1.1.10: icmp_seq=1 ttl=128 time=1.641 ms

64 bytes from 10.1.1.10: icmp_seq=2 ttl=128 time=2.052 ms

64 bytes from 10.1.1.10: icmp_seq=3 ttl=128 time=1.473 ms

64 bytes from 10.1.1.10: icmp_seq=4 ttl=128 time=0.045 ms

64 bytes from 10.1.1.10: icmp_seq=5 ttl=128 time=1.578 ms

--- 10.1.1.10 ping statistics ---

6 packets transmitted, 6 packets received, 0% packet loss

round-trip min/avg/max/stddev = 0.045/1.499/2.204/0.700 ms

jadmin@JR-1> ping 10.1.1.10 ?

Possible completions:

<[Enter]> Execute this command

bypass-routing Bypass routing table, use specified interface

count Number of ping requests to send (1..2000000000 packets)

detail Display incoming interface of received packet

do-not-fragment Don't fragment echo request packets (IPv4)

inet Force ping to IPv4 destination

inet6 Force ping to IPv6 destination

interface Source interface (multicast, all-ones, unrouted packets)

interval Delay between ping requests (seconds)

logical-system Name of logical system

+ loose-source Intermediate loose source route entry (IPv4)

mac-address MAC address of the nexthop in xx:xx:xx:xx:xx:xx format

no-resolve Don't attempt to print addresses symbolically

pattern Hexadecimal fill pattern

rapid Send requests rapidly (default count of 5)

record-route Record and report packet's path (IPv4)

routing-instance Routing instance for ping attempt

size Size of request packets (0..65468 bytes)

source Source address of echo request

strict Use strict source route option (IPv4)

+ strict-source Intermediate strict source route entry (IPv4)

tos IP type-of-service value (0..255)

ttl IP time-to-live value (IPv6 hop-limit value) (hops)

verbose Display detailed output

wait Maximum wait time after sending final packet (seconds)

| Pipe through a command

jadmin@JR-1> ping 10.1.1.10 count 5 rapid // USING THE rapid KEYWORD WILL NOT WAIT FOR THE USUAL 500 ms DELAY FOR A PING RESPONSE/TIMEOUT (A DOT OUTPUT);

PING 10.1.1.10 (10.1.1.10): 56 data bytes

!!!!!

--- 10.1.1.10 ping statistics ---

5 packets transmitted, 5 packets received, 0% packet loss

round-trip min/avg/max/stddev = 0.721/0.947/1.493/0.283 ms

Packet Capture

The Junos OS monitor traffic command allows packet capture using the tcpdump utility. It monitores traffic to or from the local Routing Engine (RE). The management interface is chosen and monitored if there's no interface specified. Use the Ctrl+c keys to stop the capture.

jadmin@JR-1> monitor ?

Possible completions:

interface Show interface traffic

label-switched-path Show label-switched-path traffic

list Show status of monitored files

start Start showing log file in real time

static-lsp Show static label-switched-path traffic

stop Stop showing log file in real time

traffic Show real-time network traffic information

jadmin@JR-1> monitor traffic ?

Possible completions:

<[Enter]> Execute this command

absolute-sequence Display absolute TCP sequence numbers

brief Display brief output

count Number of packets to receive (0..1000000 packets)

detail Display detailed output

extensive Display extensive output

interface Name of interface

layer2-headers Display link-level header on each dump line

matching Expression for headers of receive packets to match

no-domain-names Don't display domain portion of hostnames

no-promiscuous Don't put interface into promiscuous mode

no-resolve Don't attempt to print addresses symbolically

no-timestamp Don't print timestamp on each dump line

print-ascii Display packets in ASCII when displaying in hexadecimal f

ormat

print-hex Display packets in hexadecimal format

resolve-timeout Period of time to wait for each name resolution (seconds)

size Amount of each packet to receive (bytes)

| Pipe through a command

jadmin@JR-1> monitor traffic interface ?

Possible completions:

<interface> Name of interface

cbp0

demux0

dsc

em0

em0.0

gre

ipip

irb

lo0

lo0.16384

lo0.16385

lsi

mtun

pimd

pime

pip0

pp0

tap

jadmin@JR-1> monitor traffic interface em0 ?

Possible completions:

<[Enter]> Execute this command

absolute-sequence Display absolute TCP sequence numbers

brief Display brief output

count Number of packets to receive (0..1000000 packets)

detail Display detailed output

extensive Display extensive output

layer2-headers Display link-level header on each dump line

matching Expression for headers of receive packets to match

no-domain-names Don't display domain portion of hostnames

no-promiscuous Don't put interface into promiscuous mode

no-resolve Don't attempt to print addresses symbolically

no-timestamp Don't print timestamp on each dump line

print-ascii Display packets in ASCII when displaying in hexadecimal f

ormat

print-hex Display packets in hexadecimal format

resolve-timeout Period of time to wait for each name resolution (seconds)

size Amount of each packet to receive (bytes)

| Pipe through a command

jadmin@JR-1> monitor traffic interface em0 no-resolve

verbose output suppressed, use <detail> or <extensive> for full protocol decode

Address resolution is OFF.

Listening on em0, capture size 96 bytes

08:48:19.744871 In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 1234129195 win 4279

08:48:19.745205 Out IP truncated-ip - 132 bytes missing! 10.1.1.1.23 > 10.1.1.10

.52492: P 1:153(152) ack 0 win 32850

08:48:19.898578 In IP truncated-ip - 18 bytes missing! 10.1.1.10.137 > 10.1.1.2

55.137: UDP, length 50

08:48:19.944223 In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 153 win 4241

08:48:20.550511 Out IP truncated-ip - 357 bytes missing! 10.1.1.1.23 > 10.1.1.10

.52492: P 153:530(377) ack 0 win 32850

08:48:20.748385 In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 530 win 4147

08:48:21.549747 Out IP truncated-ip - 174 bytes missing! 10.1.1.1.23 > 10.1.1.10

.52492: P 530:724(194) ack 0 win 32850

08:48:21.749074 In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 724 win 4098

08:48:22.430570 In IP 10.1.1.10.41695 > 10.1.1.1.23: P 4271236410:4271236413(3)

ack 2049240940 win 4197

08:48:22.430958 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 1:2(1) ack 3 win 32850

08:48:22.547353 Out IP truncated-ip - 360 bytes missing! 10.1.1.1.23 > 10.1.1.10

.52492: P 724:1104(380) ack 0 win 32850

08:48:22.630952 In IP 10.1.1.10.41695 > 10.1.1.1.23: . ack 2 win 4196

08:48:22.744278 In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 1104 win 4380

08:48:23.216412 In IP 10.1.1.10.41695 > 10.1.1.1.23: P 3:6(3) ack 2 win 4196

08:48:23.216502 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 2:3(1) ack 6 win 32850

08:48:23.410299 In IP 10.1.1.10.41695 > 10.1.1.1.23: . ack 3 win 4196

08:48:23.545856 Out IP truncated-ip - 479 bytes missing! 10.1.1.1.23 > 10.1.1.10

.52492: P 1104:1603(499) ack 0 win 32850

08:48:23.742187 In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 1603 win 4255

08:48:24.402846 In IP 10.1.1.10.41695 > 10.1.1.1.23: P 6:7(1) ack 3 win 4196

08:48:24.404127 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 3:4(1) ack 7 win 32850

08:48:24.543010 Out IP truncated-ip - 336 bytes missing! 10.1.1.1.23 > 10.1.1.10

.52492: P 1603:1959(356) ack 0 win 32850

08:48:24.604023 In IP 10.1.1.10.41695 > 10.1.1.1.23: . ack 4 win 4196

08:48:24.614413 In IP 10.1.1.10.41695 > 10.1.1.1.23: P 7:8(1) ack 4 win 4196

08:48:24.615634 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 4:5(1) ack 8 win 32850

08:48:24.642649 In IP 10.1.1.10.41695 > 10.1.1.1.23: P 8:9(1) ack 5 win 4196

08:48:24.642649 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 5:6(1) ack 9 win 32850

08:48:24.721790 In IP 10.1.1.10.41695 > 10.1.1.1.23: P 9:10(1) ack 6 win 4195

08:48:24.722075 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 6:7(1) ack 10 win 32850

08:48:24.742450 In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 1959 win 4166

08:48:24.803654 In IP 10.1.1.10.41695 > 10.1.1.1.23: P 10:11(1) ack 7 win 4195

08:48:24.804400 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 7:8(1) ack 11 win 32850

08:48:25.003152 In IP 10.1.1.10.41695 > 10.1.1.1.23: . ack 8 win 4195

08:48:25.114581 In IP 10.1.1.10.41695 > 10.1.1.1.23: P 11:12(1) ack 8 win 4195

08:48:25.114845 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 8:9(1) ack 12 win 32850

08:48:25.312660 In IP 10.1.1.10.41695 > 10.1.1.1.23: . ack 9 win 4195

08:48:25.405403 In IP 10.1.1.10.41695 > 10.1.1.1.23: P 12:13(1) ack 9 win 4195

08:48:25.406270 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 9:10(1) ack 13 win 32850

08:48:25.542069 Out IP truncated-ip - 1003 bytes missing! 10.1.1.1.23 > 10.1.1.1

0.52492: P 1959:2982(1023) ack 0 win 32850

08:48:25.611550 In IP 10.1.1.10.41695 > 10.1.1.1.23: . ack 10 win 4194

08:48:25.623454 In IP 10.1.1.10.41695 > 10.1.1.1.23: P 13:14(1) ack 10 win 4194

08:48:25.623886 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 10:11(1) ack 14 win 32850

08:48:25.738031 In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 2982 win 4380

08:48:25.738277 Out IP truncated-ip - 336 bytes missing! 10.1.1.1.23 > 10.1.1.10

.52492: P 2982:3338(356) ack 0 win 32850

08:48:25.770068 In IP 10.1.1.10.41695 > 10.1.1.1.23: P 14:15(1) ack 11 win 4194

08:48:25.770211 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 11:12(1) ack 15 win 32850

08:48:25.854344 In IP 10.1.1.10.41695 > 10.1.1.1.23: P 15:16(1) ack 12 win 4194

08:48:25.854889 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 12:13(1) ack 16 win 32850

08:48:25.937218 In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 3338 win 4291

08:48:25.970551 In IP 10.1.1.10.41695 > 10.1.1.1.23: P 16:17(1) ack 13 win 4194

08:48:25.970647 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 13:14(1) ack 17 win 32850

08:48:26.059451 In IP 10.1.1.10.41695 > 10.1.1.1.23: P 17:18(1) ack 14 win 4193

08:48:26.059586 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 14:15(1) ack 18 win 32850

08:48:26.160443 In IP 10.1.1.10.41695 > 10.1.1.1.23: P 18:19(1) ack 15 win 4193

08:48:26.160621 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 15:16(1) ack 19 win 32850

08:48:26.329003 In IP 10.1.1.10.41695 > 10.1.1.1.23: P 19:20(1) ack 16 win 4193

08:48:26.329542 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 16:17(1) ack 20 win 32850

08:48:26.531626 In IP 10.1.1.10.41695 > 10.1.1.1.23: . ack 17 win 4193

08:48:26.539866 Out IP truncated-ip - 1003 bytes missing! 10.1.1.1.23 > 10.1.1.1

0.52492: P 3338:4361(1023) ack 0 win 32850

08:48:26.661487 In IP 10.1.1.10.41695 > 10.1.1.1.23: P 20:22(2) ack 17 win 4193

08:48:26.662166 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 17:18(1) ack 22 win 32850

08:48:26.665537 Out IP truncated-ip - 24 bytes missing! 10.1.1.1 > 10.1.1.10: IC

MP echo request, id 55872, seq 0, length 64

08:48:26.666071 In IP truncated-ip - 24 bytes missing! 10.1.1.10 > 10.1.1.1: ICMP echo reply, id 55872, seq 0, length 64

08:48:26.738878 In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 4361 win 4035

08:48:26.738945 Out IP truncated-ip - 654 bytes missing! 10.1.1.1.23 > 10.1.1.10.52492: P 4361:5035(674) ack 0 win 32850

08:48:26.860751 In IP 10.1.1.10.41695 > 10.1.1.1.23: . ack 18 win 4192

08:48:26.860990 Out IP truncated-ip - 84 bytes missing! 10.1.1.1.23 > 10.1.1.10.

41695: P 18:122(104) ack 22 win 32850

08:48:26.938477 In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 5035 win 4380

08:48:27.060477 In IP 10.1.1.10.41695 > 10.1.1.1.23: . ack 122 win 4166

08:48:27.539748 Out IP truncated-ip - 1003 bytes missing! 10.1.1.1.23 > 10.1.1.1

0.52492: P 5035:6058(1023) ack 0 win 32850

08:48:27.666579 Out IP truncated-ip - 24 bytes missing! 10.1.1.1 > 10.1.1.10: ICMP echo request, id 55872, seq 1, length 64

08:48:27.666942 In IP truncated-ip - 24 bytes missing! 10.1.1.10 > 10.1.1.1: ICMP echo reply, id 55872, seq 1, length 64

08:48:27.667044 Out IP truncated-ip - 39 bytes missing! 10.1.1.1.23 > 10.1.1.10.41695: P 122:181(59) ack 22 win 32850

08:48:27.734482 In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 6058 win 4124

08:48:27.734822 Out IP truncated-ip - 32 bytes missing! 10.1.1.1.23 > 10.1.1.10.

52492: P 6058:6110(52) ack 0 win 32850

08:48:27.863095 In IP 10.1.1.10.41695 > 10.1.1.1.23: . ack 181 win 4152

08:48:27.935312 In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 6110 win 4111

08:48:28.537666 Out IP truncated-ip - 815 bytes missing! 10.1.1.1.23 > 10.1.1.10.52492: P 6110:6945(835) ack 0 win 32850

08:48:28.665213 Out IP truncated-ip - 24 bytes missing! 10.1.1.1 > 10.1.1.10: ICMP echo request, id 55872, seq 2, length 64

08:48:28.666430 In IP truncated-ip - 24 bytes missing! 10.1.1.10 > 10.1.1.1: ICMP echo reply, id 55872, seq 2, length 64

08:48:28.666693 Out IP truncated-ip - 39 bytes missing! 10.1.1.1.23 > 10.1.1.10.41695: P 181:240(59) ack 22 win 32850

08:48:28.733717 In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 6945 win 4380

08:48:28.866415 In IP 10.1.1.10.41695 > 10.1.1.1.23: . ack 240 win 4137

08:48:29.305837 In IP 10.1.1.10.41695 > 10.1.1.1.23: P 22:23(1) ack 240 win 4137

08:48:29.307282 Out IP 10.1.1.1.23 > 10.1.1.10.41695: P 240:242(2) ack 23 win 32850

08:48:29.507021 In IP 10.1.1.10.41695 > 10.1.1.1.23: . ack 242 win 4136

08:48:29.507499 Out IP truncated-ip - 154 bytes missing! 10.1.1.1.23 > 10.1.1.10.41695: P 242:416(174) ack 23 win 32850

08:48:29.536520 Out IP truncated-ip - 981 bytes missing! 10.1.1.1.23 > 10.1.1.10.52492: P 6945:7946(1001) ack 0 win 32850

08:48:29.707314 In IP 10.1.1.10.41695 > 10.1.1.1.23: . ack 416 win 4093

08:48:29.730133 In IP 10.1.1.10.52492 > 10.1.1.1.23: . ack 7946 win 4129

92 packets received by filter

0 packets dropped by kernel

Network Utilities

The Junos OS supports Telnet, SSH and FTP clients.

jadmin@JR-1> telnet 10.1.1.10 ?

Possible completions:

<[Enter]> Execute this command

8bit Use 8-bit data path

bypass-routing Bypass routing table, use specified interface

inet Force telnet to IPv4 destination

inet6 Force telnet to IPv6 destination

interface Name of interface for outgoing traffic

logical-system Name of logical system

no-resolve Don't attempt to print addresses symbolically

port Port number or service name on remote host

routing-instance Name of routing instance for telnet session

source Source address to use in telnet connection

| Pipe through a command

jadmin@JR-1> telnet 10.1.1.10 port 21

Trying 10.1.1.10...

Connected to 10.1.1.10.

Escape character is '^]'.

220 3Com 3CDaemon FTP Server Version 2.0

Welcome to Microsoft Telnet Client

Escape Character is 'CTRL+]' // JUNOS BREAK SEQUENCE IS CTRL+]

Microsoft Telnet>

Microsoft Telnet> quit

C:\Windows\System32>

I wasn't able to transfer files using the file copy command so I initiated FTP via the FreeBSD shell prompt.

jadmin@JR-1> file copy ftp://ftp@10.1.1.10/test123.txt /var/tmp/test123.txt...

fetch-secure: ftp://ftp@10.1.1.10/test123.txt: Not logged in

error: file-fetch failed

error: could not fetch local copy of file

jadmin@JR-1> start shell

% ftp 10.1.1.10

Connected to 10.1.1.10.

220 3Com 3CDaemon FTP Server Version 2.0

Name (10.1.1.10:jadmin): ftp

331 User name ok, need password

Password:

230 User logged in

Remote system type is UNIX.

Using binary mode to transfer files.

ftp> get test123.txt

local: test123.txt remote: test123.txt

200 PORT command successful.

150 File status OK ; about to open data connection

100% |**************************************************| 10 00:00 ETA

226 Closing data connection; File transfer successful.

10 bytes received in 0.10 seconds (0.10 KB/s)

ftp> quit

221 Service closing control connection

% exit

exit

jadmin@JR-1> file list test123.txt

/var/home/jadmin/test123.txt

jadmin@JR-1> file list /var/home/jadmin

/var/home/jadmin:

.ssh/

config123

ftp

test123.txt

jadmin@JR-1> file delete /var/home/jadmin/test123.txt

jadmin@JR-1> file list /var/home/jadmin

/var/home/jadmin:

.ssh/

config123

ftp

Determine the Junos OS Release

You can verify the Junos OS Release using the show version command.

The following are some common Junos OS packages:

jkernel - The kernel and network tools package. This package contains the basic OS files.
jroute - The Routing Engine (RE) package. This package contains the RE software.
jpfe - The Packet Forwarding Engine (PFE) package. This package contains the PFE software.
jdocs - The documentation package. This package contains the documentation (manual) set for the software.
jcrypto - The encryption package. This package contains the domestic security software.

jadmin@JR-1> show version

Hostname: JR-1

Model: olive

JUNOS Base OS boot [12.1R1.9]

JUNOS Base OS Software Suite [12.1R1.9]

JUNOS Kernel Software Suite [12.1R1.9]

JUNOS Crypto Software Suite [12.1R1.9]

JUNOS Packet Forwarding Engine Support (M/T Common) [12.1R1.9]

JUNOS Packet Forwarding Engine Support (M20/M40) [12.1R1.9]

JUNOS Online Documentation [12.1R1.9]

JUNOS Voice Services Container package [12.1R1.9]

JUNOS Border Gateway Function package [12.1R1.9]

JUNOS Services AACL Container package [12.1R1.9]

JUNOS Services LL-PDF Container package [12.1R1.9]

JUNOS Services PTSP Container package [12.1R1.9]

JUNOS Services Stateful Firewall [12.1R1.9]

JUNOS Services NAT [12.1R1.9]

JUNOS Services Application Level Gateways [12.1R1.9]

JUNOS Services Captive Portal and Content Delivery Container package [12.1R1.9]

JUNOS Services RPM [12.1R1.9]

JUNOS Services HTTP Content Management package [12.1R1.9]

JUNOS AppId Services [12.1R1.9]

JUNOS IDP Services [12.1R1.9]

JUNOS Services Crypto [12.1R1.9]

JUNOS Services SSL [12.1R1.9]

JUNOS Services IPSec [12.1R1.9]

JUNOS Runtime Software Suite [12.1R1.9]

JUNOS Routing Software Suite [12.1R1.9]

You can include the detail option to view the software packages and processes included in the Junos OS Release.

jadmin@JR-1> show version ?

Possible completions:

<[Enter]> Execute this command

brief Display brief output

detail Display detailed output

| Pipe through a command

jadmin@JR-1> show version detail

Hostname: JR-1

Model: olive

JUNOS Base OS boot [12.1R1.9]

JUNOS Base OS Software Suite [12.1R1.9]

JUNOS Kernel Software Suite [12.1R1.9]

JUNOS Crypto Software Suite [12.1R1.9]

JUNOS Packet Forwarding Engine Support (M/T Common) [12.1R1.9]

JUNOS Packet Forwarding Engine Support (M20/M40) [12.1R1.9]

JUNOS Online Documentation [12.1R1.9]

JUNOS Voice Services Container package [12.1R1.9]

JUNOS Border Gateway Function package [12.1R1.9]

JUNOS Services AACL Container package [12.1R1.9]

JUNOS Services LL-PDF Container package [12.1R1.9]

JUNOS Services PTSP Container package [12.1R1.9]

JUNOS Services Stateful Firewall [12.1R1.9]

JUNOS Services NAT [12.1R1.9]

JUNOS Services Application Level Gateways [12.1R1.9]

JUNOS Services Captive Portal and Content Delivery Container package [12.1R1.9]

JUNOS Services RPM [12.1R1.9]

JUNOS Services HTTP Content Management package [12.1R1.9]

JUNOS AppId Services [12.1R1.9]

JUNOS IDP Services [12.1R1.9]

JUNOS Services Crypto [12.1R1.9]

JUNOS Services SSL [12.1R1.9]

JUNOS Services IPSec [12.1R1.9]

JUNOS Runtime Software Suite [12.1R1.9]

JUNOS Routing Software Suite [12.1R1.9]

KERNEL 12.1R1.9 #0 built by builder on 2012-03-24 12:52:33 UTC

MGD release 12.1R1.9 built by builder on 2012-03-24 12:36:25 UTC

CLI release 12.1R1.9 built by builder on 2012-03-24 08:36:49 UTC

RPD release 12.1R1.9 built by builder on 2012-03-24 12:56:44 UTC

CHASSISD release 12.1R1.9 built by builder on 2012-03-24 12:56:47 UTC

KMD release 12.1R1.9 built by builder on 2012-03-24 12:22:48 UTC

PKID release 12.1R1.9 built by builder on 2012-03-24 12:23:37 UTC

SENDD release 12.1R1.9 built by builder on 2012-03-24 12:10:29 UTC

DFWD release 12.1R1.9 built by builder on 2012-03-24 12:26:56 UTC

DCD release 12.1R1.9 built by builder on 2012-03-24 12:15:22 UTC

SNMPD release 12.1R1.9 built by builder on 2012-03-24 12:29:27 UTC

MIB2D release 12.1R1.9 built by builder on 2012-03-24 12:49:01 UTC

APSD release 12.1R1.9 built by builder on 2012-03-24 12:20:19 UTC

VRRPD release 12.1R1.9 built by builder on 2012-03-24 12:28:15 UTC

ALARMD release 12.1R1.9 built by builder on 2012-03-24 12:24:08 UTC

PFED release 12.1R1.9 built by builder on 2012-03-24 12:26:50 UTC

CRAFTD release 12.1R1.9 built by builder on 2012-03-24 12:24:16 UTC

SAMPLED release 12.1R1.9 built by builder on 2012-03-24 12:19:14 UTC

ILMID release 12.1R1.9 built by builder on 2012-03-24 12:20:28 UTC

RMOPD release 12.1R1.9 built by builder on 2012-03-24 12:23:52 UTC

COSD release 12.1R1.9 built by builder on 2012-03-24 12:26:22 UTC

FSAD release 12.1R1.9 built by builder on 2012-03-24 12:17:15 UTC

IRSD release 12.1R1.9 built by builder on 2012-03-24 12:13:26 UTC

FUD release 12.1R1.9 built by builder on 2012-03-24 12:43:01 UTC

RTSPD release 12.1R1.9 built by builder on 2012-03-24 08:31:22 UTC

SMARTD release 12.1R1.9 built by builder on 2012-03-24 07:40:18 UTC

SPD release 12.1R1.9 built by builder on 2012-03-24 12:22:47 UTC

JPPPOED release 12.1R1.9 built by builder on 2012-03-24 12:22:18 UTC

RDD release 12.1R1.9 built by builder on 2012-03-24 11:23:09 UTC

PPPD release 12.1R1.9 built by builder on 2012-03-24 12:19:15 UTC

DFCD release 12.1R1.9 built by builder on 2012-03-24 12:25:44 UTC

LACPD release 12.1R1.9 built by builder on 2012-03-24 12:25:53 UTC

LFMD release 12.1R1.9 built by builder on 2012-03-24 11:15:13 UTC

OAMD release 12.1R1.9 built by builder on 2012-03-24 12:13:41 UTC

CFMD release 12.1R1.9 built by builder on 2012-03-24 12:12:22 UTC

JDHCPD release 12.1R1.9 built by builder on 2012-03-24 12:27:48 UTC

PGCPD release 12.1R1.9 built by builder on 2012-03-24 12:56:34 UTC

PSSD release 12.1R1.9 built by builder on 2012-03-24 12:13:53 UTC

SSD release 12.1R1.9 built by builder on 2012-03-24 12:14:23 UTC

MSPD release 12.1R1.9 built by builder on 2012-03-24 11:20:35 UTC

AUTHD release 12.1R1.9 built by builder on 2012-03-24 12:28:24 UTC

PMOND release 12.1R1.9 built by builder on 2012-03-24 12:13:49 UTC

AUTOCONFD release 12.1R1.9 built by builder on 2012-03-24 11:09:11 UTC

JDIAMETERD release 12.1R1.9 built by builder on 2012-03-24 12:17:03 UTC

BDBREPD release 12.1R1.9 built by builder on 2012-03-24 12:11:20 UTC

RES-CLEANUPD release 12.1R1.9 built by builder on 2012-03-24 12:14:09 UTC

SBCCONFD release 12.1R1.9 built by builder on 2012-03-24 12:56:44 UTC

JPPPD release 12.1R1.9 built by builder on 2012-03-24 12:31:08 UTC

SHM-RTSDBD release 12.1R1.9 built by builder on 2012-03-24 12:44:16 UTC

DATAPATH-TRACED release 12.1R1.9 built by builder on 2012-03-24 12:12:11 UTC

SMID release 12.1R1.9 built by builder on 2012-03-24 12:14:23 UTC

SMIHELPERD release 12.1R1.9 built by builder on 2012-03-24 12:26:53 UTC

RELAYD release 12.1R1.9 built by builder on 2012-03-24 12:14:04 UTC

PPMD release 12.1R1.9 built by builder on 2012-03-24 12:14:33 UTC

LMPD release 12.1R1.9 built by builder on 2012-03-24 11:15:35 UTC

LRMUXD release 12.1R1.9 built by builder on 2012-03-24 11:54:53 UTC

PGMD release 12.1R1.9 built by builder on 2012-03-24 12:13:41 UTC

BFDD release 12.1R1.9 built by builder on 2012-03-24 12:37:17 UTC

SDXD release 12.1R1.9 built by builder on 2012-03-24 12:09:56 UTC

AUDITD release 12.1R1.9 built by builder on 2012-03-24 12:10:42 UTC

L2ALD release 12.1R1.9 built by builder on 2012-03-24 12:27:40 UTC

EVENTD release 12.1R1.9 built by builder on 2012-03-24 12:24:53 UTC

MPLSOAMD release 12.1R1.9 built by builder on 2012-03-24 12:18:31 UTC

jroute-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:31:54 UTC

jkernel-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:31:15 UTC

ancpd-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:08 UTC

appsecure-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:10 UTC

aprobe-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:12 UTC

apsd-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:14 UTC

cfm-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:17 UTC

clksyncd-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:21 UTC

collector-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:25 UTC

demuxd-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:27 UTC

dyn-sess-prof-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:29 UTC

elmi-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:31 UTC

fsad-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:33 UTC

gres-test-point-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:34 UTC

ilmid-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:36 UTC

jappid-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:38 UTC

jcrypto-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:41 UTC

jcrypto_junos-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:43 UTC

jddosd-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:30:05 UTC

jdiameterd-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:29:57 UTC

jidpd-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:30:20 UTC

jkernel_junos-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:30:54 UTC

jpppd-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:30:58 UTC

l2ald-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:31:36 UTC

lldp-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:31:38 UTC

mcsnoop-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:31:40 UTC

mipd-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:31:46 UTC

mo-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:31:48 UTC

pppd-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:31:50 UTC

pppoed-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:31:52 UTC

r2cpd-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:31:55 UTC

rdd-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:31:55 UTC

services-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:32:10 UTC

stp-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:32:12 UTC

subinfo-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:32:12 UTC

jdocs-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:18:19 UTC

jswitch-actions-dd release 12.1R1.9 built by builder on 2012-03-24 07:28:53 UTC

The Junos OS naming convention format is <package>-<release>-<edition>

package - is the description of the software contents. Ensure to download and install the appropriate image for your device/platform.

jinstall is used on M, T and MX series

jinstall-ex is used on EX series

junos-jsr is used on J series

junos-srx is used on SRX series

release - describes the Junos OS Release. It includes two integers: major and minor release numbers.

R stands for released software

B stands for beta-level or testing software

I stands for internal, test or experimental software

S is reserved for service release

edition - either domestic or export. Domestic version support strong encryption while export do not.

Upgrading the Junos OS

It's good practice to initially check the device storage capacity using the show system storage command before downloading the new Junos OS image . You store the new Junos OS image in the /var/tmp directory.

jadmin@JR-1> show system storage

Filesystem Size Used Avail Capacity Mounted on

/dev/ad0s1a 1008M 256M 671M 28% /

devfs 1.0K 1.0K 0B 100% /dev

/dev/md0 41M 41M 0B 100% /packages/mnt/jbas

/dev/md1 18M 18M 0B 100% /packages/mnt/jker

nel-12.1R1.9

/dev/md2 16M 16M 0B 100% /packages/mnt/jpfe

-M40-12.1R1.9

/dev/md3 5.0M 5.0M 0B 100% /packages/mnt/jdoc

s-12.1R1.9

/dev/md4 78M 78M 0B 100% /packages/mnt/jrou

te-12.1R1.9

/dev/md5 28M 28M 0B 100% /packages/mnt/jcry

pto-12.1R1.9

/dev/md6 46M 46M 0B 100% /packages/mnt/jpfe

-common-12.1R1.9

/dev/md7 388M 388M 0B 100% /packages/mnt/jrun

time-12.1R1.9

/dev/md8 1007M 10.0K 926M 0% /tmp

/dev/md9 1007M 516K 926M 0% /mfs

/dev/ad0s1e 197M 12K 181M 0% /config

procfs 4.0K 4.0K 0B 100% /proc

/dev/ad0s1f 2.8G 36M 2.5G 1% /var

You ucan se the request system software add <path/image-name> command to perform the Junos OS upgrade. You must reboot the system for the new software to take effect using the request system reboot as a separate step or adding the reboot option at the end of the request system software add <path/image-name> command.

It's recommended to monitor the upgrade process and watch for errors via the console.

jadmin@JR-1> request system ?

Possible completions:

certificate Manage X509 certificates

commit Perform commit related operations

configuration Request operation on system configuration

halt Halt the system

logout Forcibly end user's CLI login session

partition Partition storage media

power-off Power off the system

reboot Reboot the system

scripts Manage scripts (commit, op, event)

snapshot Archive data and executable areas

software Perform system software extension or upgrade

storage Request operation on system storage

zeroize Erase all data, including configuration and log files

jadmin@JR-1> request system software ?

Possible completions:

abort Abort software upgrade

add Add extension or upgrade package

delete Remove extension or upgrade package

rollback Attempt to roll back to previous set of packages

validate Verify package compatibility with current configuration

jadmin@JR-1> request system software add ?

Possible completions:

<package-name> URL or pathname of package

best-effort-load Load succeeds if at least one statement is valid

config123 Size: 5295, Last changed: Oct 13 15:06:06

delay-restart Don't restart processes

force Force addition of package (ignore warnings)

ftp Size: 5295, Last changed: Oct 18 08:59:48

no-copy Don't save copies of package files

no-validate Don't check compatibility with current configuration

q Size: 1379, Last changed: Oct 13 13:35:53

reboot Reboot system after adding package

test123.txt Size: 10, Last changed: Sep 18 19:05:31

unlink Remove the package after successful installation

validate Check compatibility with current configuration

jadmin@JR-1> request system software add /var/tmp/junos-12.1R1.9-domestic ?

Possible completions:

<[Enter]> Execute this command

best-effort-load Load succeeds if at least one statement is valid

delay-restart Don't restart processes

force Force addition of package (ignore warnings)

no-copy Don't save copies of package files

no-validate Don't check compatibility with current configuration

reboot Reboot system after adding package

unlink Remove the package after successful installation

validate Check compatibility with current configuration

| Pipe through a command

jadmin@JR-1> request system software add /var/tmp/junos-12.1R1.9-domestic reboot

You can delete the Junos OS images stored in the /var/tmp directory when you perform the file system cleanup using the request system storage cleanup command. You can proactively check which files will be cleaned up using the request system storage cleanup dry-run command.

jadmin@JR-1> request system storage ?

Possible completions:

cleanup Clean up temporary files and rotate logs

jadmin@JR-1> request system storage cleanup ?

Possible completions:

<[Enter]> Execute this command

dry-run Only list the cleanup candidates, do not remove them

| Pipe through a command

jadmin@JR-1> request system storage cleanup dry-run

List of files to delete:

Size Date Name

41.9K Oct 18 12:42 /var/log/interactive-commands.0.gz

8409B Oct 11 01:14 /var/log/interactive-commands.1.gz

50.2K Oct 18 12:42 /var/log/messages.0.gz

23.4K Oct 11 01:14 /var/log/messages.1.gz

133B Oct 18 12:42 /var/log/smartd.trace.0.gz

564B Oct 11 01:14 /var/log/smartd.trace.1.gz

877B Oct 18 12:23 /var/log/wtmp.0.gz

170B Oct 11 00:55 /var/log/wtmp.1.gz

143B Oct 10 20:23 /var/log/wtmp.2.gz

341B Mar 26 2013 /var/log/wtmp.3.gz

119B May 9 2012 /var/log/wtmp.4.gz

695B Oct 18 07:23 /var/tmp/acc_transfer_link_16422_err

695B Oct 18 07:23 /var/tmp/acc_transfer_link_16970_err

695B Oct 18 07:23 /var/tmp/acc_transfer_link_17313_err

124.0K Mar 27 2013 /var/tmp/gres-tp/env.dat

0B May 9 2012 /var/tmp/gres-tp/lock

155B Oct 10 22:20 /var/tmp/krt_gencfg_filter.txt

0B Oct 10 20:23 /var/tmp/rtsdb/if-rtsdb

Unified In-Service Software Upgrade (ISSU)

The Unified In-Service Software Upgrade (ISSU) feature allows you to upgrade a Junos OS in a dual Routing Engine (RE) with no disruption on the control plane. The Graceful Routing Engine Switchover (GRES) and Nonstop Active Routing (NSR) must be both enabled. The Master RE and Backup RE must run the same software before performing a unified ISSU. You can't take out any Physical Interface Card (PIC) online or offline when performing a unified ISSU.

The following are the steps in performing a Unified ISSU:

Enable GRES and NSR and verify the Master RE, Backup RE and protocols are synchronized.
Download and transfer the new software package to the router.
Issue the request system software in-service-upgrade command on the Master RE.

Password Recovery

You can only perform a system password (root) only at the console port.

The following are the steps in performing a password recovery:

Reboot the system > press space bar when prompted > type boot -s to access single user mode
Enter recovery when prompted for recovery mode
Type configure > set system root-authentication plain-text-password > type the new root password
commit the change > exit and reboot the system

My Network Lab

Friday, March 19, 2021

Enable Secure Copy (SCP) in a Cisco Router

Friday, March 5, 2021

Juniper Networks Monitoring and System Maintenance