Decapsulating traffic in a GRE tunnel

Hi,
I may be missing it, but I can't seem to find how to have packetbeat strip GRE headers from an L2 tunnel I have set up. Basically, when looking at the traffic in tcpdump, tshark, or wireshark, you can see the traffic plainly (it isn't encrypted, just encapsulated) within the GRE tunnel.

I saw there is a filter w/in beats to strip VLAN tags, and this would be similar, but the encapsulation ends at byte 37.

Will packetbeat read this traffic automagically, does it need a filter statement, or is it not capable of decapsulating such a tunnel currently?

Thanks,
Bill

Unfortunately, Packetbeat cannot decapsulate traffic in a GRE tunnel. Do you mind opening an enhancement request, so its state can be tracked? https://github.com/elastic/beats/issues/new
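
How the inner-frame offset in an Ethernet/IPv4/GRE capture is derived, as an added example that is not part of the thread and not Packetbeat code. It assumes an untagged Ethernet outer frame and an IPv4 outer header; the function names and sample frames are constructed for illustration.

```python
import struct

ETH_LEN = 14            # untagged Ethernet II header
GRE_TEB = 0x6558        # Transparent Ethernet Bridging: payload is an Ethernet frame

def gre_payload_offset(frame):
    """Return (inner payload offset, GRE protocol type) for Ethernet/IPv4/GRE."""
    if len(frame) < ETH_LEN + 20:
        raise ValueError("truncated outer headers")
    if struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        raise ValueError("outer frame is not untagged IPv4")
    ver_ihl = frame[ETH_LEN]
    ihl = (ver_ihl & 0x0F) * 4          # IPv4 options make this larger than 20
    if ver_ihl >> 4 != 4 or ihl < 20:
        raise ValueError("bad IPv4 header")
    if frame[ETH_LEN + 9] != 47:        # IP protocol 47 = GRE
        raise ValueError("outer IPv4 payload is not GRE")
    gre = ETH_LEN + ihl
    if len(frame) < gre + 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", frame, gre)
    if flags & 0x0007:                  # version 1 is PPTP's enhanced GRE
        raise ValueError("unsupported GRE version")
    if flags & 0x4000:                  # RFC 1701 source routing, variable length
        raise ValueError("GRE routing field not supported")
    # Checksum (C), key (K) and sequence (S) each add 4 bytes when their bit is set.
    hdr = 4 + 4 * sum(1 for bit in (0x8000, 0x2000, 0x1000) if flags & bit)
    if len(frame) < gre + hdr:
        raise ValueError("truncated GRE optional fields")
    return gre + hdr, proto

def build_sample(gre_flags=0, gre_opts=b""):
    """Constructed test frame: outer Ethernet + IPv4 (checksum left 0) + GRE + INNER."""
    gre = struct.pack("!HH", gre_flags, GRE_TEB) + gre_opts
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(gre) + len(INNER), 0, 0,
                     64, 47, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    eth = bytes.fromhex("020000000001 020000000002 0800")
    return eth + ip + gre + INNER

# Constructed inner Ethernet frame (made-up MACs, dummy payload).
INNER = bytes.fromhex("02aaaaaaaaaa 02bbbbbbbbbb 0800") + b"inner-ip-packet"
PLAIN = build_sample()                                  # 4-byte GRE header
KEYED = build_sample(0x2000, struct.pack("!I", 7))      # GRE with a key field

if __name__ == "__main__":
    for name, frame in (("plain", PLAIN), ("keyed", KEYED)):
        off, proto = gre_payload_offset(frame)
        print(name, "inner frame starts at byte", off, "proto", hex(proto))
```

With no IPv4 options and no optional GRE fields the outer headers occupy bytes 0 through 37, consistent with the offset mentioned in the question; a key, checksum or sequence field moves the inner frame by 4 bytes each, so a fixed offset only holds for one tunnel configuration.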

Hi Noémi,
Darn. 🙂
Thanks for the response. I'll open an enhancement request.

Take care,
Bill