Decapsulating traffic in a GRE tunnel

I may be missing it, but I can't seem to find how to have packetbeat strip GRE headers from a L2 tunnel I have set up. Basically, when looking at the traffic in tcpdump, tshark, or wireshark, you can see the traffic plainly (it isn't encrypted, just encapsulated) within the GRE tunnel.

I saw there is a filter w/in beats to strip VLAN tags, and this would be similar, but the encapsulation ends at byte 37.


Will packetbeat read this traffic automagically, does it need a filter statement, or is it not capble of decapsulating such a tunnel currently?


Unfortunately, Packetbeat cannot decapsulate traffic in a GRE tunnel. Do you mind opening an enhancement request, so its state can be tracked?

Hi Noémi,
Darn. :slight_smile:
Thanks for the response. I'll open an enhancement request.

Take care,

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.