one-way traffic only

RCDCap is a remote capture preprocessor

Brought to you by: zero_effect

#2 one-way traffic only

Milestone: 0.9

Status: wont-fix

Owner: nobody

Labels: None

Updated: 2020-05-08

Created: 2018-02-23

Creator: Ed Davison

Private: No

I have installed rcdcap 0.8 on Ubunto 14.04 server.
Cisco CSR 1000v configured with an ERSPAN pointing to my server.
ERSPAN configured as:

monitor session 1 type erspan-source
 description sniff to in-network
 source interface Gi2
 destination
  erspan-id 1
  mtu 1464
  ip address 172.20.44.168
  origin ip address 172.20.44.4

rcdcap running as:

rcdcap -i eth1 --erspan --tap-persist --tap-device mon1

When monitoring traffic with tcpdump/wireshark on mon1 I am only seeing packets in one direction.
I have already done a packet capture on the Cisco switch using the web UI and wireshark shows packets both directions on the interface monitored by the ERSPAN.

How do I troubleshoot this?

Discussion

Zero effect - 2019-03-22

Are the remote packets in one direction or the local packets?

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Zero effect - 2020-05-08

status: open --> wont-fix
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

one-way traffic only

RCDCap is a remote capture preprocessor

Milestone

Searches

Help

#2 one-way traffic only

Discussion