Edgerouter ER-X-SFP: Leaking MAC packets
Dear Wireshark professionals
My ER-X-SFP with the latest firmware 2.0.8-hotfix1 does sometimes do some MAC violation of its WAN MAC using other ones. Not sure if the ones from the other eth ports or even from devices within my network. From my ISP, I only get a file with date/time of the violation but NO MAC which did trigger that. So I have to do my own research to either prove the Edgerouter itself as the failure or the SFP fibre module or something else.
So my intention is to:
- Capture only the outgoing traffic on my WAN port (eth5) except all traffic with source MAC f0:9f:c2:61:36:96 of my WAN port
- Use Wireshark on my Mac Mini Server to run a 24-48 h test with accessing the Edgerouter ER-X-SFP to capture the traffic data under above rule
- If a violation is recognized, only record one minute before and after that occurrence
- In Wireshark every hour do start a new *.pcapng capture log file
So far I'm able to access the Edgerouter from within Wireshark Mac OS latest version through GUI - "SSH remote capture: sshdump". I did use the command
/usr/sbin/tcpdump -i eth5 -w - not ether host f0:9f:c2:61:36:96 and not ether broadcast and not ether multicast
but it doesn't exclude any src/dest data from MAC f0:9f:c2:61:36:96.
Does anyone have a suggestion how I can get the required data to solve that whole problem?
Thank you for anyone's help and suggestions.
Regards Thomas
You say: "I did use the command /usr/sbin/tcpdump -i eth5 -w - not ether ..." Where did you use this command in sshdump? Is that the remote capture command you entered in the configuration dialog?
I did enter it in "Interface Options: SSH remote capture: sshdump" in tab "Capture" in field "Remote capture command" with flag "Use sudo on the remote machine".
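
Added example, not part of the original thread: an offline check for the goal stated in the question, listing every frame in a saved capture whose source MAC is not the WAN port's, with a UTC timestamp to compare against the ISP's violation times. It assumes a classic pcap file with Ethernet link type; the function names and the peer MACs in the sample capture are constructed for illustration.

```python
import struct
from datetime import datetime, timezone

WAN_MAC = "f0:9f:c2:61:36:96"  # WAN port (eth5) MAC quoted in the question

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def foreign_sources(pcap, wan_mac=WAN_MAC, known_upstream=()):
    """Return (utc_time, src, dst) for every frame whose source MAC is neither
    wan_mac nor in known_upstream (ISP-side MACs seen on inbound frames)."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                      # little-endian file
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"                      # big-endian file
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    allowed = {wan_mac.lower(), *(m.lower() for m in known_upstream)}
    hits, off = [], 24                 # records start after the 24-byte header
    while off + 16 <= len(pcap):
        sec, usec, caplen, _ = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 12:            # truncated record: no full MAC pair
            continue
        dst, src = mac(frame[0:6]), mac(frame[6:12])
        if src not in allowed:
            ts = datetime.fromtimestamp(sec, tz=timezone.utc).replace(microsecond=usec)
            hits.append((ts.isoformat(), src, dst))
    return hits

def sample_pcap():
    """Constructed capture: three Ethernet frames, peer MACs are made up."""
    gw, lan = "02:00:00:00:00:01", "02:00:00:00:00:aa"
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, (src, dst) in enumerate([(WAN_MAC, gw), (gw, WAN_MAC), (lan, gw)]):
        frame = bytes.fromhex((dst + src).replace(":", "")) + b"\x08\x00" + bytes(46)
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    for hit in foreign_sources(sample_pcap(), known_upstream=["02:00:00:00:00:01"]):
        print(*hit)
```

A capture saved as pcapng has to be converted to pcap before this parser can read it, and the ISP gateway's MAC has to be passed in `known_upstream` so that inbound frames are not reported.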