Junos
Junos

packet capture

08.14.09   |  
‎08-14-2009 08:29 AM

Folks, 

 

Running into some issues and need to obtain a packet capture from a M10i.  The problem is the traffic that I need to capture is from a GRE tunnel interface.  Is there any way to obtain this packet capture?  From reading the docs so far packet capture from a GRE tunnel can't be done.

 

Any assistance would be greatly appreciated.

 

-Jason

6 REPLIES
Junos

Re: packet capture

08.14.09   |  
‎08-14-2009 08:34 AM
I forgot to mention this is a GRE over IPSec tunnel so I don't think I will be able to capture on the physical interface...
Junos

Re: packet capture

08.14.09   |  
‎08-14-2009 08:36 AM
Hi,

What kind of traffic you want to capture? It is not possible to capture any transit traffic on Junos. If you run e.g. OSPF over GRE tunnel than you should be able to capture OSPF packets on gr interface.

Kind Regards
Michael Pergament
Junos

Re: packet capture

08.14.09   |  
‎08-14-2009 08:42 AM

Unfortunately, I do need to capture transit traffic. 

 

Is it possible to copy and redirect the traffic to an Ethernet interface from a GRE tunnel?

Junos

Re: packet capture

08.14.09   |  
‎08-14-2009 10:28 AM

Hi,

 

you would not be able to use tcpdump on Junos deviec to capture (decode) this traffic. You could mirror the packets to e.g. ethernet port (which is then connected to external analyzer) but then you would just get IPSec in GRE data (I assume you would like to see unencrypted received traffic within IPSec tunne, right?). 

 

Regards

Michael Pergament

Highlighted
Junos

Re: packet capture

08.21.09   |  
‎08-21-2009 07:53 AM

Hi Michael,

 

Yes I'd like to capture the unencrypted traffic.

 

Thanks,

Jason

Junos

Re: packet capture

08.22.09   |  
‎08-22-2009 11:50 AM

Hello Jason,

As Michael said, the transit traffic can be port-mirrored to an external analyzer which does not need to be directly connected to this box, it can be remote.

You have 2 options:

- if this GRE/IPSec tunnel is terminated on this box, use port-mirroring on egress interface to redirect decrypted traffic to an analyzer

- if this GRE/IPSec tunnel is NOT terminated on this box, use either ingress or egress port-mirroring and try to decode it in Wireshark.

Rgds

Alex

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !