ExtremeSwitching (EXOS)

Log traffic between two end points?

  • 1.  Log traffic between two end points?

    Posted 04-06-2018 00:15
    I have the following Extreme switches running layer 2 and layer 3 for our organisation:

    X670 G1 Firmware 16.2.2.4
    X670 G2 Firmware 21.1.1.4

    What is my easiest option for capturing layer 3 conversations from a source IP range?

    I'd like to know what hosts in our DMZ are communicating to internal servers, so basically just capture anything with a source of x.x.x.x/27

    Perhaps something like remote mirroring the inbound ISP ports to a Linux machine running tcpdump to capture, or a Windows box running Wireshark with a filter?


  • 2.  RE: Log traffic between two end points?

    Posted 08-01-2018 09:03
    What I've done in the past is port-mirroring, where you can even mirror a port to a remote port, meaning your Wireshark/whatever probe can sit on a completely different switch.

    The other option is to tcpdump locally ON the switch. Yes, there's a packet capture command! Of course you may not want to keep that running forever - the switch does have limited space...
    I usually just need to troubleshoot things and capture a few minutes of traffic, then TFTP the captured file to a server and read it through Wireshark after the capture. You could possibly even script that (capture this much data, stop, transfer file, erase file, start capturing again, rinse-repeat).

    https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-perform-a-local-packet-capture-on-a...

    https://gtacknowledge.extremenetworks.com/articles/How_To/Perform-a-packet-capture-in-the-EXOS-CLI-using-the-command-debug-packet-capture That's the one I usually go by.

    Sorry, wanted to reply 2 days ago...

    Frank
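Once the capture file is off the switch or the mirror-port probe, the original question (which DMZ hosts talk to which internal servers) is a matter of reading the pcap and filtering on the source range. The following is an added example, not code from Frank's reply or from Extreme Networks: it parses a classic libpcap file with only the standard library, keeps IPv4 packets whose source lies in a given CIDR, and tallies (source, destination, protocol, destination port) conversations. The sample capture embedded in it is constructed inline with RFC 5737 documentation addresses standing in for the DMZ /27.

```python
import struct
import ipaddress
from collections import defaultdict

# Constructed sample: a tiny libpcap file with four Ethernet/IPv4/TCP frames,
# standing in for what tcpdump on the mirror port (or the switch's own capture) would write.
def _frame(src, dst, sport, dport):
    eth = b"\x00" * 12 + b"\x08\x00"                       # dummy MACs, ethertype IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)  # bare SYN
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    pkt = eth + ip + tcp
    return struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt   # pcap record header + frame

PCAP_GLOBAL_HEADER = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
SAMPLE_PCAP = PCAP_GLOBAL_HEADER + b"".join([
    _frame("203.0.113.10", "10.0.5.20", 50123, 443),   # DMZ host -> internal web server
    _frame("203.0.113.12", "10.0.5.21", 50124, 3306),  # DMZ host -> internal database
    _frame("10.0.5.20", "203.0.113.10", 443, 50123),   # reply traffic, source not in the DMZ range
    _frame("198.51.100.7", "10.0.5.20", 40000, 22),    # unrelated source outside the /27
])

def conversations(pcap_bytes, source_net):
    """Return {(src, dst, ip_proto, dport): packet_count} for IPv4 packets sourced from source_net."""
    net = ipaddress.ip_network(source_net)
    magic, = struct.unpack("<I", pcap_bytes[:4])
    endian = "<" if magic == 0xA1B2C3D4 else ">"          # pcap files may be written either way
    linktype = struct.unpack(endian + "IHHiIII", pcap_bytes[:24])[6]
    if linktype != 1:
        raise ValueError("this example handles Ethernet captures only")
    counts = defaultdict(int)
    off = 24
    while off + 16 <= len(pcap_bytes):
        caplen = struct.unpack(endian + "IIII", pcap_bytes[off:off + 16])[2]
        pkt = pcap_bytes[off + 16: off + 16 + caplen]
        off += 16 + caplen
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue                                       # not IPv4, skip
        ihl = (pkt[14] & 0x0F) * 4                         # IP header length in bytes
        proto = pkt[23]
        src = ipaddress.IPv4Address(pkt[26:30])
        dst = ipaddress.IPv4Address(pkt[30:34])
        if src not in net:
            continue
        l4 = pkt[14 + ihl:]
        dport = struct.unpack("!H", l4[2:4])[0] if proto in (6, 17) and len(l4) >= 4 else None
        counts[(str(src), str(dst), proto, dport)] += 1
    return dict(counts)

if __name__ == "__main__":
    for key, n in sorted(conversations(SAMPLE_PCAP, "203.0.113.0/27").items()):
        print(key, n)
```

Point `conversations()` at the bytes of a real capture file and the DMZ prefix to get the same per-destination tally; the reply direction is deliberately excluded by the source filter, matching the "source of x.x.x.x/27" requirement in the question.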