Junos
Visitor
jasonmathew1

packet capture

Folks,

Running into some issues and need to obtain a packet capture from an M10i. The problem is the traffic that I need to capture is from a GRE tunnel interface. Is there any way to obtain this packet capture? From reading the docs so far, packet capture from a GRE tunnel can't be done.

Any assistance would be greatly appreciated.

-Jason

Visitor
jasonmathew1

Re: packet capture

I forgot to mention this is a GRE over IPSec tunnel so I don't think I will be able to capture on the physical interface...
Distinguished Expert
mikep

Re: packet capture

Hi,

What kind of traffic do you want to capture? It is not possible to capture any transit traffic on Junos. If you run e.g. OSPF over a GRE tunnel, then you should be able to capture OSPF packets on the gr interface.

Kind Regards
Michael Pergament
Visitor
jasonmathew1

Re: packet capture

Unfortunately, I do need to capture transit traffic.

Is it possible to copy and redirect the traffic to an Ethernet interface from a GRE tunnel?

Distinguished Expert
mikep

Re: packet capture

Hi,

You would not be able to use tcpdump on a Junos device to capture (decode) this traffic. You could mirror the packets to e.g. an Ethernet port (which is then connected to an external analyzer), but then you would just get IPSec in GRE data (I assume you would like to see unencrypted received traffic within the IPSec tunnel, right?).

Regards

Michael Pergament

Visitor
jasonmathew1

Re: packet capture

Hi Michael,

Yes, I'd like to capture the unencrypted traffic.

Thanks,

Jason

Distinguished Expert
aarseniev

Re: packet capture

Hello Jason,

As Michael said, the transit traffic can be port-mirrored to an external analyzer, which does not need to be directly connected to this box; it can be remote.

You have 2 options:

- If this GRE/IPSec tunnel is terminated on this box, use port-mirroring on the egress interface to redirect decrypted traffic to an analyzer.

- If this GRE/IPSec tunnel is NOT terminated on this box, use either ingress or egress port-mirroring and try to decode it in Wireshark.

Rgds

Alex

___________________________________
Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
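
An added example, not part of the thread or of any Juniper tooling: a Python classifier for mirrored packets that shows what the analyzer can read in each of the two port-mirroring cases above (decrypted egress traffic versus GRE/ESP still on the wire). It assumes raw IPv4 packets with the link-layer header already stripped; all sample packets, addresses and the SPI are constructed.

```python
import struct

GRE, ESP = 47, 50  # IP protocol numbers

def ipv4(src, dst, proto, payload):
    """Wrap payload in a minimal IPv4 header (checksum left at 0); builds sample data only."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes(src), bytes(dst)) + payload

def classify(pkt):
    """Report what an analyzer can see in one mirrored IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4
    proto, body = pkt[9], pkt[ihl:]
    if proto == ESP:  # only SPI and sequence number are in the clear
        spi, seq = struct.unpack("!II", body[:8])
        return {"layer": "esp", "spi": spi, "seq": seq, "readable": False}
    if proto == GRE:
        flags, ptype = struct.unpack("!HH", body[:4])
        off = 4
        for bit in (0x8000, 0x2000, 0x1000):  # C, K, S flags: each adds 4 bytes
            if flags & bit:
                off += 4
        info = {"layer": "gre", "ethertype": ptype, "readable": False}
        if ptype == 0x0800:  # IPv4 payload: look one level deeper
            info["inner"] = classify(body[off:])
            info["readable"] = info["inner"]["readable"]
        return info
    return {"layer": "ip", "proto": proto, "readable": True,
            "src": ".".join(map(str, pkt[12:16])),
            "dst": ".".join(map(str, pkt[16:20]))}

# Constructed sample packets (documentation/private addresses, made-up payloads).
A, B = [192, 0, 2, 1], [198, 51, 100, 1]
INNER = ipv4([10, 0, 0, 1], [10, 0, 0, 2], 6, b"\x00" * 20)   # decrypted transit packet
ESP_PKT = ipv4(A, B, ESP, struct.pack("!II", 0x1001, 7) + b"\xaa" * 32)  # still encrypted
GRE_KEYED = ipv4(A, B, GRE, struct.pack("!HHI", 0x2000, 0x0800, 99) + INNER)
GRE_ESP = ipv4(A, B, GRE, struct.pack("!HH", 0, 0x0800) + ESP_PKT)  # "IPSec in GRE"

if __name__ == "__main__":
    for name, p in [("inner", INNER), ("esp", ESP_PKT),
                    ("gre+key", GRE_KEYED), ("gre/esp", GRE_ESP)]:
        print(name, classify(p))
```

Packets that classify as `readable: False` carry an ESP payload, which the analyzer cannot decode without the tunnel's keys.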
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.