Decapsulating traffic in a GRE tunnel


(Sweendog) #1

Hi,
I may be missing it, but I can't seem to find how to have packetbeat strip GRE headers from a L2 tunnel I have set up. Basically, when looking at the traffic in tcpdump, tshark, or wireshark, you can see the traffic plainly (it isn't encrypted, just encapsulated) within the GRE tunnel.

I saw there is a filter w/in beats to strip VLAN tags, and this would be similar, but the encapsulation ends at byte 37.

image

Will packetbeat read this traffic automagically, does it need a filter statement, or is it not capble of decapsulating such a tunnel currently?

Thanks,
Bill


(Noémi Ványi) #2

Unfortunately, Packetbeat cannot decapsulate traffic in a GRE tunnel. Do you mind opening an enhancement request, so its state can be tracked? https://github.com/elastic/beats/issues/new


(Sweendog) #3

Hi Noémi,
Darn. :slight_smile:
Thanks for the response. I'll open an enhancement request.

Take care,
Bill


(system) #4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.