This repository has been archived by the owner on Nov 4, 2022. It is now read-only.
Decapsulate ERSPAN #227
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Seems like most network utilities are now building in support for ERSPAN decapsulation. From what I've been able to test so far, there is no reliable way to decapsulate ERSPAN traffic before stenographer grabs it. We're trying to send ERSPAN Type II traffic directly from VMWare vDS to a Linux host that's being used for NIDS (Security Onion), that uses Steno to capture the packets.
The text was updated successfully, but these errors were encountered: