This knowledge base has moved to the documentation site. Please visit the knowledge base here for the most up to date content. This site is no longer maintained.

Bridging an Air Gap to Collect Support Information

Follow

There are many cases where it is not possible to transfer files off of a switch that is being analyzed. One unique opportunity that Cumulus Linux offers is the ability to collect this information via a text console; even for files which do not contain text. This document highlights a technique to share smaller (~2MB or less) packet captures or cl-support files in text-based form using a console to extract the packet capture from the isolated network device.

{{table_of_contents}}

Issue

Networks isolated by an air gap are common. Unfortunately, this necessary security measure can impede rapid troubleshooting of network issues when packet captures need to be collected and exchanged from the affected devices.

Cause

An air gap or air wall is a network security measure employed on one or more computers to ensure that a secure computer network is physically isolated from unsecured networks, such as the public Internet or an unsecured LAN.

Resolution

By using the process below, you can encode a collected Packet Capture (PCAP) or cl-support file into base64 encoding, which can be exchanged across the air gap and then decoded back into the original file.

Note: You can get the best results when performing this process with files that have already been compressed, although it is not required.

  1. Collect traffic of interest into a Packet Capture (PCAP) file using tcpdump or generate a cl-support file with the cl-support utility.
  2. Encode the PCAP (or cl-support) file into base64 encoding:
    cumulus@switch$ base64 ./traffic.pcap
    obLD1AACAAQAAAAAAAAAAAAA//8AAAAB7gAAABCAAAAQkQ4OQBJzEQ4OQBKTQgARcAA
    --snip--
    QkQ4OQBJAxgAAAAFAAAAAwAD0JAAA9CQAAAAAA==
  3. Copy the encoded base64 text across the air gap and insert the text into a text file on another Linux system.
  4. Re-encode the base64 textfile into the original PCAP file:
    user@device$ base64 --decode ./textfile.txt > traffic.pcap
  5. Analyze the traffic capture in whatever tool is preferred:
  6. user@device$ wireshark traffic.pcap

Comments

This support portal has moved

Cumulus Networks is now part of the NVIDIA Networking Business Unit! The NVIDIA Cumulus Global Support Services (GSS) team has merged its operations with the NVIDIA Mellanox support services team.

You can access NVIDIA Cumulus support content from the Mellanox support portal.

You open and update new cases on the Mellanox support portal. Any previous cases that have been closed have been migrated to the Mellanox support portal.

Cases that are still open on the Cumulus portal will continue to be managed on the Cumulus portal. Once these cases close, they will be moved to the Mellanox support portal.

Powered by Zendesk