Host:
root# run monitor traffic interface ge-0/0/x matching "host 10.130.38.94" no-resolve
Protocol:
root# run monitor traffic interface ge-0/0/x matching arp
Port:
root# run monitor traffic interface ge-0/0/x matching "port 22"
IP address:
root# run monitor traffic interface ge-0/0/x matching "host 10.130.38.94" no-resolve detail
A network:
root# run monitor traffic interface ge-0/0/x matching "net 225.1.1.0/24" no-resolve detail
TCP port 179:
root# run monitor traffic interface ge-0/0/x matching "tcp port 179"
UDP port 646:
root# run monitor traffic interface ge-0/0/x matching "udp port 646"
Increase the size of capture:
root# run monitor traffic interface ge-0/0/x matching arp size 1500
Save the capture to a file (write-file is a hidden command, so type it out in full):
root# run monitor traffic interface ge-0/0/x matching arp write-file capture.pcap
Matching "not tcp port 3128" and "tcp port 23":
root# run monitor traffic interface ge-0/0/x matching "not tcp port 3128 and tcp port 23"
Matching BPDUs:
monitor traffic interface ge-0/0/1 no-resolve size 1500 layer2-headers matching "ether dst 01:80:c2:00:00:00"
A more complicated combination but might be useful in some cases:
root# run monitor traffic interface ge-0/0/x matching "arp or (icmp and host 3.3.3.2)"