Hello,
we increasingly rely on MACsec to encrypt our point-to-point WAN lines. The only question now is how a packet capture for analysis can be performed on the encrypted lines.
Until now, the data of the WAN lines ran through permanently installed TAPs. However, the analysis software now only sees the encrypted data.
How do you deal with this problem?
Ideas so far:
- NetFlow - no complete packet capture possible
- Dedicated WAN switch - all WAN lines with MACsec are collected on a dedicated switch and forwarded unencrypted (in the same data center) to the core switches; a TAP is installed on the connection between the two switches.
- Analysis software - since the MACsec keys are static, the key could also be stored in the analysis software (e.g. Wireshark) to decrypt the data. But so far I haven't found anything in Wireshark or our software.
- Monitor port - if you configure a monitor port on the MACsec switch port, will the unencrypted data be output or the encrypted data?
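To illustrate what the "key in the analysis software" idea involves, here is an added example (not code from the post, from Wireshark, or from any vendor's software) that builds and then verifies/decrypts an 802.1AE frame offline with a known static SAK. It assumes the GCM-AES-128 cipher suite, a SecTAG with the SCI present, a constructed key and constructed addresses, and the `cryptography` library; the integrity-only variant (E=0, C=0) is included because a TAP on such a link still sees the user data in clear, only the ICV is cryptographic.

```python
"""MACsec (IEEE 802.1AE) frame build/parse with GCM-AES-128 and a known SAK.

Constructed example for offline analysis of captures taken from a link whose
static key the analyst holds. Layout handled:
  DA(6) | SA(6) | SecTAG: EtherType 0x88E5(2) TCI/AN(1) SL(1) PN(4) SCI(8) | data | ICV(16)
Nonce = SCI || PN, AAD = DA || SA || SecTAG (plus the user data in integrity-only mode).
"""
import struct
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

MACSEC_ETHERTYPE = 0x88E5
ICV_LEN = 16
TCI_SC, TCI_E, TCI_C, AN_MASK = 0x20, 0x08, 0x04, 0x03

# Constructed test vectors (not real keys or addresses).
KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")   # 128-bit SAK, assumption
DST = bytes.fromhex("02aabbccdd01")
SRC = bytes.fromhex("02aabbccdd02")
SCI = SRC + b"\x00\x01"                                  # MAC address + port id 1
PAYLOAD = b"constructed user data " * 3                  # >= 48 bytes, so SL = 0


def build_macsec_frame(key, dst, src, sci, pn, an, payload, encrypt=True):
    """Protect `payload` as one MACsec frame with SC bit set; E/C set when encrypt=True."""
    tci_an = TCI_SC | (an & AN_MASK)
    if encrypt:
        tci_an |= TCI_E | TCI_C
    sl = len(payload) if len(payload) < 48 else 0        # short-length field per 802.1AE
    sectag = struct.pack("!HBBI", MACSEC_ETHERTYPE, tci_an, sl, pn) + sci
    nonce = sci + struct.pack("!I", pn)
    aead = AESGCM(key)
    if encrypt:
        body = aead.encrypt(nonce, payload, dst + src + sectag)          # ciphertext || ICV
    else:
        icv = aead.encrypt(nonce, b"", dst + src + sectag + payload)     # ICV only
        body = payload + icv
    return dst + src + sectag + body


def parse_and_verify(key, frame):
    """Parse the SecTAG, check the ICV and return the user data; raises InvalidTag on failure."""
    dst, src = frame[:6], frame[6:12]
    (ethertype, tci_an, sl, pn) = struct.unpack("!HBBI", frame[12:20])
    if ethertype != MACSEC_ETHERTYPE:
        raise ValueError("not a MACsec frame")
    if not tci_an & TCI_SC:
        raise ValueError("SCI absent: example assumes the SC bit is set")
    sci = frame[20:28]
    hdr_end = 28
    sectag = frame[12:hdr_end]
    encrypted = bool(tci_an & TCI_E)
    # With SL != 0 the secure data is exactly SL bytes; anything after the ICV is MAC padding.
    data_end = hdr_end + sl if sl else len(frame) - ICV_LEN
    body, icv = frame[hdr_end:data_end], frame[data_end:data_end + ICV_LEN]
    nonce = sci + struct.pack("!I", pn)
    aead = AESGCM(key)
    if encrypted:
        payload = aead.decrypt(nonce, body + icv, dst + src + sectag)
    else:
        aead.decrypt(nonce, icv, dst + src + sectag + body)              # returns b"" if ICV valid
        payload = body
    return {"sci": sci, "pn": pn, "an": tci_an & AN_MASK, "encrypted": encrypted, "payload": payload}


def verify_ok(key, frame):
    """True if the frame's ICV validates under `key` (wrong key or tampering -> False)."""
    try:
        parse_and_verify(key, frame)
        return True
    except InvalidTag:
        return False


def demo():
    """Round-trip the constructed payload through an encrypted frame and back."""
    frame = build_macsec_frame(KEY, DST, SRC, SCI, pn=1, an=0, payload=PAYLOAD)
    return parse_and_verify(KEY, frame)["payload"]


if __name__ == "__main__":
    print(demo())
```

The parsing half is what an analysis tool would have to do per frame: take the SCI and PN straight from the SecTAG, recompute the AAD from the outer header, and only then decrypt. Note that a capture from a TAP also has to be given the correct SAK for each AN, since the key rolls when the association number changes.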