Community discussions

 
User avatar
LatinSuD
Member Candidate
Member Candidate
Topic Author
Posts: 174
Joined: Wed Jun 29, 2005 1:05 pm
Location: Spain
Contact:

No TX sniffed on hardware offloaded ports

Tue Apr 30, 2019 1:17 pm

Hi.

I see no traffic when sniffing on a port that belongs to a bridge in "hardware offload" mode.

The bridge includes an EoIP tunnel and several Ethernet ports.

The packets that I can't see enter from the EoIP and should egress through ether6.
I can see incoming packets from the EoIP interface, but i cannot see the TX on ether6.

Also tried to sniff TX packets on all other interfaces, just in case.

Only when I disable hardware offload on ether6 I can sniff them.
 
mkx
Forum Guru
Forum Guru
Posts: 2570
Joined: Thu Mar 03, 2016 10:23 pm

Re: No TX sniffed on hardware offloaded ports

Tue Apr 30, 2019 3:18 pm

That's right, if HW offload is enabled, it can well happen that they don't enter device's CPU which is where sniffer can fetch them.
BR,
Metod
 
sindy
Forum Guru
Forum Guru
Posts: 3742
Joined: Mon Dec 04, 2017 9:19 pm

Re: No TX sniffed on hardware offloaded ports

Wed May 01, 2019 7:42 am

I disagree. If both the ingress and egress port of a given frame are "hardware offloaded", what you write is true, but the OP speaks specifically about frames forwarded from an EoIP ingress port (which is not a hardware port so it cannot be hardware-offloaded) to hardware-offloaded ether1 as egress port, and such frames do pass over the CPU port to which the switch chip is connected so they should be seen in the capture.

I've made a similar experience yesterday with locally originated frames (from /IP dhcp-client) and frames forwarded from a wireless interface (so also passing through the CPU port) via the only ether interface to be connected. The inress frames via that only ether are sniffed, the egress ones are not, much like the OP suggests.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
mkx
Forum Guru
Forum Guru
Posts: 2570
Joined: Thu Mar 03, 2016 10:23 pm

Re: No TX sniffed on hardware offloaded ports

Wed May 01, 2019 7:22 pm

I missed that point.

What happens if you sniff packets off non-ethernet port (eoip or wireless), do you still get only one direction (if yes, ingress as well?) or both?
BR,
Metod

Who is online

Users browsing this forum: Bing [Bot] and 87 guests