When capturing packets on a Junos device, the output packet capture will include a Juniper ethernet header.
Example of such capture:
As you can see the Juniper ethernet header is gone.
editcap -C22 -L -T ether capture.pcap cap_pcapng.pcap
Example of such capture:
tcpdump -c1 -nvvr capture.pcap
reading from file JTAC.pcap, link-type JUNIPER_ETHER (Juniper Ethernet)
14:58:06.569634
Juniper PCAP Flags [Ext], PCAP Extension(s) total length 16
Device Media Type Extension TLV #3, length 1, value Ethernet (1)
Logical Interface Encapsulation Extension TLV #6, length 1, value Ethernet (14)
Device Interface Index Extension TLV #1, length 2, value 149
Logical Interface Index Extension TLV #4, length 4, value 872
-----original packet-----
ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.128.123.19 tell 10.128.123.254, length 28
editcap -C22 -L -F libpcap -T ether capture.pcap cap_libpcap.pcap
As you can see the Juniper ethernet header is gone.
tcpdump -c1 -nvvr cap_libpcap.pcap
reading from file cap_libpcap.pcap, link-type EN10MB (Ethernet)
14:58:06.569634 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.128.123.19 tell 10.128.123.254, length 28
capinfos cap_libpcap.pcap
File name: cap_libpcap.pcap
File type: Wireshark/tcpdump/... - pcap
File encapsulation: Ethernet
editcap -C22 -L -T ether capture.pcap cap_pcapng.pcap
tcpdump -c1 -nvvr cap_pcapng.pcap
reading from file cap_pcapng.pcap, link-type JUNIPER_ETHER (Juniper Ethernet)
14:58:06.569634 no magic-number found!
capinfos cap_pcapng.pcap
File name: cap_pcapng.pcap
File type: Wireshark/... - pcapng
File encapsulation: Juniper Ethernet 
No comments:
Post a Comment