Verify the GRE/UDP tunnel between vSCOUT and vSTREAM: Difference between revisions

From wiki.comcert.com
Revision as of 06:31, 1 March 2018

Introduction

vSCOUT does not produce session detail records, nor does it store packets. However, you can still gain access to session details and packet-level data by configuring traffic forwarding from vSCOUT to a vSTREAM or InfiniStream interface managed by the same nGeniusONE server. Forwarded packets can be stripped out of the tunnel and made available for packet-level analysis on the receiving interface.

This procedure allows you to verify the existence of the tunnel, i.e. that packets are being transported between vSCOUT and vSTREAM.

 

Solution

This procedure assumes vSCOUT/vSTREAM has been installed and configured correctly by COMCERT engineers and has worked correctly.

On vSTREAM:

Log in to the vSTREAM CLI (ssh) as root.

First we need to identify the interface terminating the GRE or UDP tunnel.

Execute the command:

# cat /opt/NetScout/rtm/bin/monitor_ip.conf

Should output:

[root@CRT-VIR-A-VSTREAM6 ~]# cat /opt/NetScout/rtm/bin/monitor_ip.conf
eth1:10.165.30.185

In this example, we want to test the tunnel between the vSCOUT running on host <IP-VSCOUT> and the vSTREAM, where the tunnel terminates on interface <INT>.

There is only traffic from vSCOUT towards vSTREAM. To visualize this traffic, execute the command:

# tcpdump -i <INT> src host <IP-VSCOUT>

Example:

# tcpdump -i eth1 host 52.29.161.66

Should output:

    # tcpdump -i eth1 host 52.29.161.66
    tcpdump: /lib64/libcrypto.so.10: no version information available (required by tcpdump)
    tcpdump: WARNING: eth1: no IPv4 address assigned
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
    07:19:06.259943 IP CRT-VIR-W-TLG.comcert.crt > ec2-52-29-161-66.eu-central-1.compute.amazonaws.com: ICMP echo request, id 35, seq 12167, length 40
    07:19:06.260114 IP CRT-VIR-W-TLG.comcert.crt > ec2-52-29-161-66.eu-central-1.compute.amazonaws.com: ICMP echo request, id 35, seq 12168, length 40
    07:19:06.286638 IP ec2-52-29-161-66.eu-central-1.compute.amazonaws.com > CRT-VIR-W-TLG.comcert.crt: ICMP echo reply, id 35, seq 12167, length 40
    07:19:06.286642 IP ec2-52-29-161-66.eu-central-1.compute.amazonaws.com > CRT-VIR-W-TLG.comcert.crt: ICMP echo reply, id 35, seq 12168, length 40
    07:19:11.248473 IP CRT-VIR-W-TLG.comcert.crt > ec2-52-29-161-66.eu-central-1.compute.amazonaws.com: ICMP echo request, id 35, seq 12198, length 40
    07:19:11.248592 IP CRT-VIR-W-TLG.comcert.crt > ec2-52-29-161-66.eu-central-1.compute.amazonaws.com: ICMP echo request, id 35, seq 12199, length 40
    07:19:11.274693 IP ec2-52-29-161-66.eu-central-1.compute.amazonaws.com > CRT-VIR-W-TLG.comcert.crt: ICMP echo reply, id 35, seq 12198, length 40
    07:19:11.274698 IP ec2-52-29-161-66.eu-central-1.compute.amazonaws.com > CRT-VIR-W-TLG.comcert.crt: ICMP echo reply, id 35, seq 12199, length 40
     

 

 

Note that you will only see GRE or UDP traffic when there is activity on the host running vSCOUT.
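
The two steps above (read the interface from monitor_ip.conf, then capture traffic from the vSCOUT host) can be combined into one bounded check. The script below is an added example, not NETSCOUT or COMCERT tooling; it narrows the capture to GRE or UDP from the vSCOUT address, so other traffic such as ICMP is not shown. The function names, the default packet count and timeout, and matching any UDP port are assumptions.

```shell
#!/bin/sh
# Added example, not NETSCOUT or COMCERT tooling.

# List the interface names in a monitor_ip.conf-style file, one
# "<interface>:<ip>" entry per line as in the output shown above.
# Lines that do not start with a plain interface name are ignored.
tunnel_interfaces() {
    awk -F: 'NF >= 2 && $1 ~ /^[A-Za-z0-9_.-]+$/ { print $1 }' "$1"
}

# Succeed only for a dotted-quad IPv4 address, so nothing else can be
# spliced into the capture filter.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Capture filter for tunnel traffic only: GRE is IP protocol 47. The UDP
# port of the tunnel is not given on the page, so any UDP from the
# vSCOUT host matches (assumption).
tunnel_filter() {
    printf 'src host %s and (ip proto 47 or udp)' "$1"
}

# verify_tunnel CONF VSCOUT_IP [PACKETS] [SECONDS]
# Bounded capture on every listed interface; -n skips DNS lookups.
verify_tunnel() {
    conf=$1 ip=$2 count=${3:-10} secs=${4:-30}
    is_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 2; }
    rc=1
    for ifc in $(tunnel_interfaces "$conf"); do
        if timeout "$secs" tcpdump -n -i "$ifc" -c "$count" "$(tunnel_filter "$ip")"; then
            echo "$ifc: $count tunnel packets from $ip seen"; rc=0
        else
            echo "$ifc: capture failed or fewer than $count tunnel packets in ${secs}s"
        fi
    done
    return "$rc"
}

# Runs only when called with arguments, e.g.:
#   sh check_tunnel.sh /opt/NetScout/rtm/bin/monitor_ip.conf 52.29.161.66
if [ "$#" -ge 2 ]; then verify_tunnel "$@"; fi
```

A non-zero exit while the vSCOUT host is known to be active is the signal to investigate the tunnel; on an idle host it is expected.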