Junos and Junosphere
Blogs
Discussion Forums
Programs & Events
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
jasonmathew1
Visitor
jasonmathew1
Posts: 4
Registered: ‎03-24-2008
0

packet capture

Options

‎08-14-2009 08:29 AM

Folks, 

 

Running into some issues and need to obtain a packet capture from a M10i.  The problem is the traffic that I need to capture is from a GRE tunnel interface.  Is there any way to obtain this packet capture?  From reading the docs so far packet capture from a GRE tunnel can't be done.

 

Any assistance would be greatly appreciated.

 

-Jason

Message 1 of 7 (5,948 Views)
 
Reply
jasonmathew1
Visitor
jasonmathew1
Posts: 4
Registered: ‎03-24-2008
0

Re: packet capture

Options

‎08-14-2009 08:34 AM

I forgot to mention this is a GRE over IPSec tunnel so I don't think I will be able to capture on the physical interface...
Message 2 of 7 (5,944 Views)
 
Reply
Distinguished Expert Distinguished Expert
Distinguished Expert
mikep
Posts: 481
Registered: ‎06-30-2009
0

Re: packet capture

Options

‎08-14-2009 08:36 AM

Hi,

What kind of traffic you want to capture? It is not possible to capture any transit traffic on Junos. If you run e.g. OSPF over GRE tunnel than you should be able to capture OSPF packets on gr interface.

Kind Regards
Michael Pergament
Message 3 of 7 (5,943 Views)
 
Reply
jasonmathew1
Visitor
jasonmathew1
Posts: 4
Registered: ‎03-24-2008
0

Re: packet capture

Options

‎08-14-2009 08:42 AM

Unfortunately, I do need to capture transit traffic. 

 

Is it possible to copy and redirect the traffic to an Ethernet interface from a GRE tunnel?

Message 4 of 7 (5,940 Views)
 
Reply
Distinguished Expert Distinguished Expert
Distinguished Expert
mikep
Posts: 481
Registered: ‎06-30-2009
0

Re: packet capture

Options

‎08-14-2009 10:28 AM

Hi,

 

you would not be able to use tcpdump on Junos deviec to capture (decode) this traffic. You could mirror the packets to e.g. ethernet port (which is then connected to external analyzer) but then you would just get IPSec in GRE data (I assume you would like to see unencrypted received traffic within IPSec tunne, right?). 

 

Regards

Michael Pergament

Message 5 of 7 (5,917 Views)
 
Reply
jasonmathew1
Visitor
jasonmathew1
Posts: 4
Registered: ‎03-24-2008
0

Re: packet capture

Options

‎08-21-2009 07:53 AM

Hi Michael,

 

Yes I'd like to capture the unencrypted traffic.

 

Thanks,

Jason

Message 6 of 7 (5,826 Views)
 
Reply
Distinguished Expert Distinguished Expert
Distinguished Expert
aarseniev
Posts: 1,176
Registered: ‎08-21-2009
0

Re: packet capture

Options

‎08-22-2009 11:50 AM

Hello Jason,

As Michael said, the transit traffic can be port-mirrored to an external analyzer which does not need to be directly connected to this box, it can be remote.

You have 2 options:

- if this GRE/IPSec tunnel is terminated on this box, use port-mirroring on egress interface to redirect decrypted traffic to an analyzer

- if this GRE/IPSec tunnel is NOT terminated on this box, use either ingress or egress port-mirroring and try to decode it in Wireshark.

Rgds

Alex

___________________________________
Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
Message 7 of 7 (5,797 Views)
 
Reply
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.