https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/64000-Chassis-capture-traffic-on-BPEthX-interface/m-p/240237#M3175 <P>Good day!</P><P>I have written an email to our customer as soon as I saw the SK. It was not accepted as a valid explanation.</P><P>On the bright side, I was able to capture all packets on a BPEthX interface on our test chassis. The next step will be to gather another set of pcaps from BPEthX and then look for malformed packets in wireshark. The concern is that the chassis itself may calculates the length field wrong, and I need to disprove it.</P><P>&nbsp;</P> Mon, 03 Feb 2025 06:09:15 GMT Gennady 2025-02-03T06:09:15Z https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/64000-Chassis-capture-traffic-on-BPEthX-interface/m-p/232319#M3172 <P>Hi, everyone!</P><P>We have a strange problem in a customer environment. There are rx_length_errors constantly increasing on BPEth0 and BPEth1 interfaces. We can see that there are no rx_undersize or rx_oversize in the output of ethtool -S BPEthX.</P><P>#ethtool -S BPEth1 | grep 'port.rx_undersize\|port.rx_oversize\|port.rx_length_erro</P><P>&nbsp;&nbsp;&nbsp;&nbsp; rx_length_errors: 172188</P><P>&nbsp;&nbsp;&nbsp;&nbsp; port.rx_length_errors: 172188</P><P>&nbsp;&nbsp;&nbsp;&nbsp; port.rx_undersize: 0</P><P>&nbsp;&nbsp;&nbsp;&nbsp; port.rx_oversize: 0</P><P>&nbsp;</P><P>#ethtool -S BPEth1 | grep 'port.rx_undersize\|port.rx_oversize\|port.rx_length_erro</P><P>&nbsp;&nbsp;&nbsp;&nbsp; rx_length_errors: 172192</P><P>&nbsp;&nbsp;&nbsp;&nbsp; port.rx_length_errors: 172192</P><P>&nbsp;&nbsp;&nbsp;&nbsp; port.rx_undersize: 0</P><P>&nbsp;&nbsp;&nbsp;&nbsp; port.rx_oversize: 0</P><P>I have tried to capture traffic on BPEthX interface of our lab Chassis 64000. 99% of traffic is CCP and ARPs. There is no production traffic in tpcdump or cppcap. It looks like SecureXL doing the same thing as with VSX wrpj interfaces.</P><P>What is the procedure to capture all frames which are passing via back-plane interfaces?</P><P>What may be the reason for the strange rx_length_errors?</P><P>&nbsp;</P> Mon, 11 Nov 2024 13:32:57 GMT https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/64000-Chassis-capture-traffic-on-BPEthX-interface/m-p/232319#M3172 Gennady 2024-11-11T13:32:57Z https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/64000-Chassis-capture-traffic-on-BPEthX-interface/m-p/232381#M3173 <P>I'd consult with TAC here.</P> Mon, 11 Nov 2024 23:13:50 GMT https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/64000-Chassis-capture-traffic-on-BPEthX-interface/m-p/232381#M3173 PhoneBoy 2024-11-11T23:13:50Z https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/64000-Chassis-capture-traffic-on-BPEthX-interface/m-p/240215#M3174 <P>Believe it or not, this may be related to a bug in the icen driver not properly computing the Length field of the generated Ethernet frame.&nbsp; See here:&nbsp;<A href="https://support.checkpoint.com/results/sk/sk183040" target="_blank" rel="noopener"><SPAN>sk183040: HealthCheck Point reports "rx_length_errors" for Security Group Members in a Maestro cluster</SPAN></A></P> Sat, 01 Feb 2025 23:18:50 GMT https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/64000-Chassis-capture-traffic-on-BPEthX-interface/m-p/240215#M3174 Timothy_Hall 2025-02-01T23:18:50Z https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/64000-Chassis-capture-traffic-on-BPEthX-interface/m-p/240237#M3175 <P>Good day!</P><P>I have written an email to our customer as soon as I saw the SK. It was not accepted as a valid explanation.</P><P>On the bright side, I was able to capture all packets on a BPEthX interface on our test chassis. The next step will be to gather another set of pcaps from BPEthX and then look for malformed packets in wireshark. The concern is that the chassis itself may calculates the length field wrong, and I need to disprove it.</P><P>&nbsp;</P> Mon, 03 Feb 2025 06:09:15 GMT https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/64000-Chassis-capture-traffic-on-BPEthX-interface/m-p/240237#M3175 Gennady 2025-02-03T06:09:15Z