This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.

Juniper mirror encapsulation (jmirror)

Juniper E Series routers have the ability to perform packet mirroring. Packet mirroring enables you to automatically send a copy of a packet to an external host for analysis. Packet mirroring has many uses, including traffic debugging and troubleshooting user networking problems.

The E Series JUNOSe software provides two methods that you can use to configure and manage your packet-mirroring environment — CLI-based and RADIUS-based.

The prepended UDP header The UDP transport of mirrored packets applies only to the RADIUS-based option. Juniper E Series router can be configured to mirror packets to another endpoint using UDP as a transport.

XXX - add some details on how this is done?

History

XXX - add a brief description of PROTO history

Protocol dependencies

Example traffic

XXX - Add example decoded traffic for this protocol here (as plain text or Wireshark screenshot).

Wireshark

The PROTO dissector is (fully functional, partially functional, not existing, ... whatever the current state is). Also add info of additional Wireshark features where appropriate, like special statistics of this protocol.

Preference Settings

The jmirror dissector has a UDP port number preference to tell it which on which UDP port to listen for jmirror packets.

Example capture file

XXX - Add a simple example capture file to the SampleCaptures page and link from here (see below). Keep this file short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.

Display Filter

A complete list of jmirror display filter fields can be found in the display filter reference

Capture Filter

You cannot directly filter jmirror protocols while capturing. However, if you know the UDP port used (see above), you can filter on that one.

Discussion