Log traffic between two end points?

Ben_Giles — Fri, 06 Apr 2018 07:15:00 GMT

I have the following extreme switches running layer 2 and layer 3 for our organisation:

X670 G1 Firmware 16.2.2.4
X670 G2 Firmware 21.1.1.4

What is my easiest option for capturing layer 3 conversations from a source IP range?

I'd like to know what hosts in our DMZ are communicating to internal servers, so basically just capture anything with a source of x.x.x.x/27

Perhaps something like remote mirroring the inbound ISP ports to a Linux machine running TCPDUMP to capture, or a windows box running wireshark with a filter?

RE: Log traffic between two end points?

Frank — Wed, 01 Aug 2018 16:03:00 GMT

What I've done in the past is port-mirroring, where you can even mirror a port to a remote-port, meaning your wireshark/whatever probe can site on a completely different switch.

The other option is to tcpdump locally ON the switch. Yes, there's a packet capture command! Of course you may not want to keep that running forever - the switch does have limited space...
I usually just need to troubleshoot things and capture a few minutes of traffic, then tftp the captured file to a server and read it through wireshark after the capture. You could possibly even script that (capture this much data, stop, transfer file, erase file, start capturing again, rinse-repeat)

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-perform-a-local-packet-capture-on-a...

https://gtacknowledge.extremenetworks.com/articles/How_To/Perform-a-packet-capture-in-the-EXOS-CLI-using-the-command-debug-packet-capture That's the one I usually go by.

Sorry, wanted to reply 2 days ago...

Frank

topic RE: Log traffic between two end points? in ExtremeSwitching (EXOS/Switch Engine)

Log traffic between two end points?

RE: Log traffic between two end points?