What works best for me is to do the following: Go to Network Wide>Packet Capture. Select the primary uplink port on your switch to the MX or the MX WAN port, do one or more captures for the desired duration, and export to a Wireshark pcap file. Open the file in Wireshark and choose Statistics>Endpoints, and you can sort and view for offenders. Otherwise, as you may have observed and as @AjitKumar pointed out, the smallest window you can see is the last 2 hours, which really isn't useful for your scenario.
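When there are several captures to go through, the per-address byte totals that the Statistics>Endpoints step is used for can be computed with a script. This is an added example, not part of the original post; it assumes the export is a classic pcap file with Ethernet framing, and the sample capture and its addresses are constructed.

```python
import struct
from collections import Counter

def ipv4_endpoints(pcap: bytes):
    """Per-IPv4-address byte totals as [(ip, tx_bytes, rx_bytes)], busiest first."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("unsupported format (expected classic microsecond pcap)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    tx, rx = Counter(), Counter()
    off = 24                                   # skip the 24-byte global header
    while off + 16 <= len(pcap):
        _, _, incl_len, orig_len = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        l3 = 14                                # Ethernet header length
        if frame[12:14] == b"\x81\x00":        # 802.1Q tag on a trunk uplink
            l3 = 18
        if frame[l3 - 2:l3] != b"\x08\x00" or len(frame) < l3 + 20:
            continue                           # not IPv4, or truncated
        src = ".".join(map(str, frame[l3 + 12:l3 + 16]))
        dst = ".".join(map(str, frame[l3 + 16:l3 + 20]))
        tx[src] += orig_len                    # on-the-wire length, not snaplen
        rx[dst] += orig_len
    hosts = set(tx) | set(rx)
    return sorted(((h, tx[h], rx[h]) for h in hosts),
                  key=lambda r: (-(r[1] + r[2]), r[0]))

def build_sample_pcap():
    """Constructed capture: four Ethernet/IPv4 frames with made-up addresses."""
    def record(src, dst, payload_len):
        ip = (bytes([0x45, 0]) + struct.pack("!H", 20 + payload_len) + bytes(8)
              + bytes(src) + bytes(dst))
        frame = bytes(12) + b"\x08\x00" + ip + bytes(payload_len)
        return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    client_a, client_b, remote = (10, 0, 0, 5), (10, 0, 0, 7), (203, 0, 113, 9)
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return (header + record(client_a, remote, 1000) + record(client_a, remote, 1000)
            + record(client_b, remote, 100) + record(remote, client_a, 50))

if __name__ == "__main__":
    for ip, sent, received in ipv4_endpoints(build_sample_pcap()):
        print(f"{ip:<15} tx={sent:>6} rx={received:>6} total={sent + received:>6}")
```

To run it on a real export, pass the file's bytes to `ipv4_endpoints` in place of `build_sample_pcap()`.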