[c-nsp] 'mirror' a PPPoE session
Adrian Chadd
adrian at creative.net.au
Tue Jun 26 00:42:35 EDT 2007
On Tue, Jun 26, 2007, Skeeve Stevens wrote:
> I've seen the LI stuff... seems awfully painful and expensive.
>
> I'd really rather a tcpdump of sorts.
Its not -that- easy; as its easy to dump the traffic to/from your
BBA's transit port but that wouldn't capture client<->client traffic
on that BBA. You'd have to perform traffic captures on the L2TP/PPPoE
traffic coming in and pull off traffic for that particular session.
.. which isn't so hard if your PPPoE/L2TP stuff is delivered over
Ethernet, but not so good if you're getting your sessions over
something less intercept-y (ATM) and you're routing stuff with
some in-between ethernet segment.
(Yes, I've done this with a locally written program using libpcap
to sniff L2TP/PPP tunnel sessions off a SPAN port. No, someone
bought it.)
Adrian
More information about the cisco-nsp
mailing list