Juniper mirror encapsulation (jmirror)
This file tries to help you add a new protocol to the wiki. Edit anything as appropriate to the specific protocol and replace any appearance of PROTO/proto/protofirstletter by your protocols name (and remove this text line before saving!).
XXX - add a brief PROTO description here
Juniper switches can be configured to mirror packets to another endpoint using UDP as a transport.
XXX - add some details on how this is done?
XXX - add a brief description of PROTO history
UDP: jmirror is transported over UDP. No specific port number is used nor assigned.
XXX - Add example decoded traffic for this protocol here (as plain text or Wireshark screenshot).
The PROTO dissector is (fully functional, partially functional, not existing, ... whatever the current state is). Also add info of additional Wireshark features where appropriate, like special statistics of this protocol.
The jmirror dissector has a UDP port number preference to tell it which on which UDP port to listen for jmirror packets.
Example capture file
XXX - Add a simple example capture file to the SampleCaptures page and link from here (see below). Keep this file short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.
A complete list of jmirror display filter fields can be found in the display filter reference
Show only the PROTO based traffic:
You cannot directly filter jmirror protocols while capturing. However, if you know the UDP port used (see above), you can filter on that one.
Capture only the mirror traffic over port (30030):
udp port 30030
- add link to PROTO specification and where to find additional info on the web about it, e.g.:
jmirror header - format of jmirror packets