Packet capture EXOS 22.3.1.4

  • Question
  • Updated 3 months ago
  • Answered
Hi, I am trying to do a capture on a switchport. I have used different commands, but it looks like they only capture internal traffic.

This command should capture packets only on port X and on VLAN X:

 debug packet capture ports 2:3 on vlan Administrativa-C cmd-args "-c 50"

When I open the capture in Wireshark I see packets from another VLAN; also, the only packets I see are broadcast and ARP requests.

I wonder if this is the correct command, or if there is an issue with packet capture on EXOS 22.3.1.4

Regards
Gonçalo Reis

Posted 3 months ago


M.Nees, Embassador

Hi Goncalo,

Six months ago I played around with and tested this feature too - X460 - 22.2.x. I was also disappointed because it does not really help in the field (customer environments) - it can help in a lab environment.

The heaviest burden is that only CPU-bound traffic is captured (reliably). BUT on a modern LAN switch most traffic is handled by the ASIC, not by the CPU. That's why you do not see what you expect.

This feature is (from my point of view) only a fall-out for GTAC and developers to analyse why the CPU or bcmRX process load is heavy. (It seems) that all cases are not considered.

Maybe you can get better results if you redirect the interesting traffic via ACL to the CPU (that is a possible action with Extreme ACLs). But I never tested this.


Another possibility is to use "Mirroring to Remote IP Addresses".
But as you can see in the thread below, it also does not work satisfactorily ;-(
https://community.extremenetworks.com/extreme/topics/exos-using-new-feature-mirroring-to-remote-ip-a...


I hope the EXOS developers will retouch and improve both cases.

On FortiGate firewalls, for example, you have the same problem with sniffing/debugging and ASIC-based traffic handling. There you can disable this "Network process offload" for specific traffic to see and debug all interesting traffic with the sniffer and debug tools.
That is what I would wish for EXOS too.

Regards,
Matthias
Hi Matthias, thanks for the info. Now it makes sense what I was seeing in the pcap files.

Regards
Gonçalo
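
The symptom discussed in this thread (a capture holding only broadcast/ARP frames, from more than one VLAN) can be confirmed from the capture file itself. The script below is an added example, not part of the original thread or of Extreme's tooling. It assumes a classic libpcap file with Ethernet frames, and the function names and sample frames are constructed for illustration.

```python
import struct
from collections import Counter

BROADCAST = b"\xff" * 6

def summarize(pcap: bytes) -> dict:
    """Count frames by destination type, 802.1Q VLAN ID and ARP in a classic pcap."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    kinds, vlans, arp, off = Counter(), Counter(), 0, 24  # 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from(endian + "IIII", pcap, off)[2]
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14:
            continue  # truncated record: no full Ethernet header
        dst = frame[:6]
        etype = struct.unpack_from("!H", frame, 12)[0]
        vid = None  # None = untagged frame
        if etype == 0x8100 and len(frame) >= 18:  # 802.1Q tag present
            vid = struct.unpack_from("!H", frame, 14)[0] & 0x0FFF
            etype = struct.unpack_from("!H", frame, 16)[0]
        kind = "broadcast" if dst == BROADCAST else "multicast" if dst[0] & 1 else "unicast"
        kinds[kind] += 1
        vlans[vid] += 1
        arp += etype == 0x0806
    return {"kinds": dict(kinds), "vlans": dict(vlans), "arp": arp}

def only_flooded_frames(summary: dict) -> bool:
    """Heuristic: frames were captured, but none is unicast (no forwarded host traffic)."""
    kinds = summary["kinds"]
    return sum(kinds.values()) > 0 and kinds.get("unicast", 0) == 0

def sample_pcap() -> bytes:
    """Constructed sample: two tagged ARP broadcasts (VLAN 10, 20) and one untagged multicast."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    src = bytes.fromhex("020000000001")
    frames = [BROADCAST + src + struct.pack("!HHH", 0x8100, vid, 0x0806) + bytes(28)
              for vid in (10, 20)]
    frames.append(bytes.fromhex("01005e000001") + src + struct.pack("!H", 0x0800) + bytes(20))
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    result = summarize(sample_pcap())
    print(result, "only flooded frames:", only_flooded_frames(result))
```

A result with no unicast frames and several VLAN IDs matches what the thread describes: the capture reflects traffic that reached the CPU, not the traffic forwarded on the port.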