Transit traffic is defined as traffic that passesthroughthe SRX (not destined to the Routing Engine). To capture transit traffic:
Sampling and port mirroring (Option D)are the correct supported methods for capturing or exporting transit traffic. Sampling allows captured packets to be sent to a file or collector, while port mirroring sends a copy to a monitoring interface.
Option A:Firewall filters on an egress interface cannot directly capture packets; they can only count, accept, discard, or sample. Sampling itself is separate.
Option B:Loopback interface (lo0) is for control-plane traffic, not transit traffic.
Option C:tcpdump is not supported on SRX as a tool for capturing transit packets; the operational command monitor traffic interface is used, but sampling/port mirroring is the recommended scalable approach.
Correct Method:Sampling and port mirroring
[Reference:Juniper Networks –Traffic Monitoring and Troubleshooting, Junos OS Security Fundamentals., ]
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit