Patch for stripping ERSPAN type II
MING FU via Argus-info
argus-info at lists.andrew.cmu.edu
Thu Nov 12 13:15:01 EST 2015
Hi Carter,
The ERSPAN is similar to the tranaparent bridge encapsulation for VMWare. The encapsulation is like encap-ether:encap-ip:GRE:erspan:original-ether:original-ip:...I just need to strip the outer headers. i didn't add an DLT type.
Regards,Ming
From: Carter Bullard <carter at qosient.com>
To: MING FU <fuming188 at yahoo.ca>
Cc: Argus <argus-info at lists.andrew.cmu.edu>
Sent: Thursday, November 12, 2015 12:39 PM
Subject: Re: [ARGUS] Patch for stripping ERSPAN type II
Hey Ming,Thanks !! I haven't had a chance to look at the patch, but did you add a parser for a new DLT_TYPE, or did you use another strategy. Are there other DLT_TYPES that you need ???
Hope all is most excellent,Carter
On Nov 10, 2015, at 1:58 PM, MING FU via Argus-info <argus-info at lists.andrew.cmu.edu> wrote:
Hi Carter,
I have a patch to strip off Cisco ERSPAN type II header and reveal its encapsulated Ethernet payload. This currently only strip the header off. It does not make use of the VLAN ID in the header yet.
If someone has sample traffic for ERSPAN type III or ERSPAN type II with the VLAN ID set. I would appreciate if you can with me share some pcap capture.
Best Regards,Ming
<patchfile>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20151112/c4f205dd/attachment.html>
More information about the argus
mailing list