topic RE: Packet capture EXOS 22.3.1.4 in ExtremeSwitching (EXOS/Switch Engine) https://community.extremenetworks.com/t5/extremeswitching-exos-switch/packet-capture-exos-22-3-1-4/m-p/49605#M13174 Hi Goncalo,<BR /> <BR /> 6 months before i play around and test this feature also - X460 - 22.2.x. I was also disappointed because it does not really help in field (customers environment) - it can help in lab environment.<BR /> <BR /> The heaviest burden is that only CPU bound traffic are captured (reliable). BUT on a modern LAN Switch most traffic is handled by ASIC not by CPU. Thats the why you not see what you expect.<BR /> <BR /> This feature is (from my point of view) only a fall-out for GTAC and developers to analyse why CPU or bcmRX process load is heavy. (It seems) that all cases are not considered.<BR /> <BR /> Maybe you can get better results if you redirect interesting Traffic via ACL to CPU (that is a possible Action with Extreme ACLS). But i never test this. <BR /> <BR /> Another possibility is to use "Mirroring to Remote IP Addresses". <BR /> But you can see at this thread below - it works also not satisfactory ;-(<BR /> <A href="https://community.extremenetworks.com/extreme/topics/exos-using-new-feature-mirroring-to-remote-ip-addresses" target="_blank" rel="nofollow noreferrer noopener">https://community.extremenetworks.com/extreme/topics/exos-using-new-feature-mirroring-to-remote-ip-a...</A><BR /> <BR /> i hope EXOS developers will retouch and improve in both cases.<BR /> <BR /> At Fortigate firewalls for example you have the same problem with sniffing/debugging and ASIC-based traffic handling. There you can disable this "Network process offload" for specific traffic to see and debug all interessted traffic with sniffer and debug tools. <BR /> That will be what i wish for EXOS too.<BR /> <BR /> Regards,<BR /> Matthias<BR /> <BR /> Mon, 05 Mar 2018 15:31:00 GMT M_Nees 2018-03-05T15:31:00Z Packet capture EXOS 22.3.1.4 https://community.extremenetworks.com/t5/extremeswitching-exos-switch/packet-capture-exos-22-3-1-4/m-p/49604#M13173 Hi, I am trying to do a capture on a switchport i have used different commands, but it looks like they only capture internal traffic.<BR /> <BR /> This command should capture packets only on port X and on Vlan X<BR /> <BR /> debug packet capture ports 2:3 on vlan Administrativa-C cmd-args "-c 50"<BR /> when i open the capture in wireshark i see packets from another vlan also the only packets i see are broadcast and arp request. <BR /> <BR /> I wonder if this is the correct command, or if there is an issue with packet capture on EXOS 22.3.1.4<BR /> <BR /> Regards<BR /> Gonçalo Reis<BR /> <BR /> Fri, 02 Mar 2018 19:49:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/packet-capture-exos-22-3-1-4/m-p/49604#M13173 GONÇALO_NUNO_CO 2018-03-02T19:49:00Z RE: Packet capture EXOS 22.3.1.4 https://community.extremenetworks.com/t5/extremeswitching-exos-switch/packet-capture-exos-22-3-1-4/m-p/49605#M13174 Hi Goncalo,<BR /> <BR /> 6 months before i play around and test this feature also - X460 - 22.2.x. I was also disappointed because it does not really help in field (customers environment) - it can help in lab environment.<BR /> <BR /> The heaviest burden is that only CPU bound traffic are captured (reliable). BUT on a modern LAN Switch most traffic is handled by ASIC not by CPU. Thats the why you not see what you expect.<BR /> <BR /> This feature is (from my point of view) only a fall-out for GTAC and developers to analyse why CPU or bcmRX process load is heavy. (It seems) that all cases are not considered.<BR /> <BR /> Maybe you can get better results if you redirect interesting Traffic via ACL to CPU (that is a possible Action with Extreme ACLS). But i never test this. <BR /> <BR /> Another possibility is to use "Mirroring to Remote IP Addresses". <BR /> But you can see at this thread below - it works also not satisfactory ;-(<BR /> <A href="https://community.extremenetworks.com/extreme/topics/exos-using-new-feature-mirroring-to-remote-ip-addresses" target="_blank" rel="nofollow noreferrer noopener">https://community.extremenetworks.com/extreme/topics/exos-using-new-feature-mirroring-to-remote-ip-a...</A><BR /> <BR /> i hope EXOS developers will retouch and improve in both cases.<BR /> <BR /> At Fortigate firewalls for example you have the same problem with sniffing/debugging and ASIC-based traffic handling. There you can disable this "Network process offload" for specific traffic to see and debug all interessted traffic with sniffer and debug tools. <BR /> That will be what i wish for EXOS too.<BR /> <BR /> Regards,<BR /> Matthias<BR /> <BR /> Mon, 05 Mar 2018 15:31:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/packet-capture-exos-22-3-1-4/m-p/49605#M13174 M_Nees 2018-03-05T15:31:00Z RE: Packet capture EXOS 22.3.1.4 https://community.extremenetworks.com/t5/extremeswitching-exos-switch/packet-capture-exos-22-3-1-4/m-p/49606#M13175 Hi Matthias, thanks for the info. Now it makes sense what i was seing in the pcap files.<BR /> <BR /> Regards<BR /> Gonçalo Mon, 05 Mar 2018 15:31:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/packet-capture-exos-22-3-1-4/m-p/49606#M13175 GONÇALO_NUNO_CO 2018-03-05T15:31:00Z