08-14-2009 08:29 AM
Running into some issues and need to obtain a packet capture from a M10i. The problem is the traffic that I need to capture is from a GRE tunnel interface. Is there any way to obtain this packet capture? From reading the docs so far packet capture from a GRE tunnel can't be done.
Any assistance would be greatly appreciated.
08-14-2009 08:36 AM
What kind of traffic you want to capture? It is not possible to capture any transit traffic on Junos. If you run e.g. OSPF over GRE tunnel than you should be able to capture OSPF packets on gr interface.
08-14-2009 10:28 AM
you would not be able to use tcpdump on Junos deviec to capture (decode) this traffic. You could mirror the packets to e.g. ethernet port (which is then connected to external analyzer) but then you would just get IPSec in GRE data (I assume you would like to see unencrypted received traffic within IPSec tunne, right?).
08-22-2009 11:50 AM
As Michael said, the transit traffic can be port-mirrored to an external analyzer which does not need to be directly connected to this box, it can be remote.
You have 2 options:
- if this GRE/IPSec tunnel is terminated on this box, use port-mirroring on egress interface to redirect decrypted traffic to an analyzer
- if this GRE/IPSec tunnel is NOT terminated on this box, use either ingress or egress port-mirroring and try to decode it in Wireshark.
Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !