Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1879
Views
0
Helpful
1
Replies

MACsec switch-to-switch capture traffic

Go to solution
Moti A
Level 1
Level 1

‎07-28-2020 05:30 AM

Hi,

I am trying to capture encrypted traffic between two MACsec enabled switches (manual mode), I put the secured interfaces as a source but I can see clear test capture even though I can see that the links are secured.

I am using 6504 switches with WS-X6908-10G line cards and using monitor capture feature - when I am exporting the captured buffer to Wireshark I can see all payload content.
my thought is that the capture point is before the encryption and decryption take place since those are PHY to PHY based.

 

Am I right?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎07-29-2020 12:14 AM

Hi,
The traffic will be encrypted on egress from the switch, so if you are taking a packet capture from the switch itself, the traffic would not have been encrypted yet. You'd have to capture the traffic in between the switches.

HTH

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Rob Ingram
VIP
VIP

‎07-29-2020 12:14 AM

Hi,
The traffic will be encrypted on egress from the switch, so if you are taking a packet capture from the switch itself, the traffic would not have been encrypted yet. You'd have to capture the traffic in between the switches.

HTH
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card