Good day all,
I am currently experimenting with ZeroTier due to its VL1 and VL2 capabilities. As of now, I have successfully created host “home-server” as an exit node with another host “work-laptop” using home-server as an exit node.
Both hosts are not on the same network.
While taking a look at the Wireshark of home-server's physical NIC enp7s0, which routes to the Internet, I can see most of the layer 3 traffic and none of the other layers' traffic from work-laptop.
I am running an experiment where I have to use home-server as a “traffic collector”, which takes in all the traffic from every device connected, therefore it's essential to receive every layer of traffic. Is there a way where ZeroTier can route every layer of traffic?
I’m not entirely clear on what you mean when you say you don’t see the other layers of traffic. I’m assuming you mean you want to see the ZeroTier traffic pre-encryption, but are only seeing it post-encryption. If that’s the case, then you’ll need to run Wireshark on the ZeroTier interface, and not the physical interface. Let me know if that’s not what you meant and I can try to help.
As a side note, if you’re trying to build a traffic collector, the rules engine has a pretty cool feature where you can tee traffic to another node. It just replicates the traffic on that node and sends it to a different node. There are some filtering options to make it more efficient, like only sending the first ‘n’ bytes of the packet, so you don’t flood a node. Check out the “Traffic Observation and Interception” section here: Rules Engine | ZeroTier Documentation