I did some testing - it doesn't look like there is any difference in what gets captured or reported based on a r/w user vs a root user, but that sort of makes my problem a bit different....
I have a snoop filter setup on both the spoke and hub.
Snoop filter is an IP filter for an IP at the hub side.
Communication is heading from a host at the spoke to the hub.
I see packets (UDP packets to be specific) reach the spoke's lan interface and get sent along the tunnel interface.
On the hub side capture i do NOT see the packets, yet I know that they must be making it for 2 reasons:
1. I have partial connectivity between systems
2. I see reply packets on the spoke side
If i do something like ping the hubside destination from the spoke, my snoop DOES capture that.
Any ideas what can be causing this?
Thanks in advance,
-Chris