Wireshark-users: Re: [Wireshark-users] Monitoring a GE Link
From: "Ian Schorr" <ian.schorr@xxxxxxxxx>
Date: Tue, 30 Sep 2008 15:11:20 +1000
It should work...

You're sure that Wireshark is capturing in promiscuous mode, right?  You both have the capture option set, but also your platform andcapture library are able to do it?  I'm assuming you're using Wireshark on Windows with some recent version of WinPcap?

If you look at the interface stats on the switch, do you see packets getting transmitted (at the same rate as the receive/transmit on the ports you're trying to monitor)?  If so, then the problem is probably on your Wireshark system.

When you say that you can't get traffic to show up, are you saying that you can't see ANY traffic, or just not the traffic you're expecting to see?

Are you setting only "rx" spanning of the ports because you're trying to capture traffic exchanged between the two ports?

Also, you're not going to be pushing more than 100Mbps of traffic into your two GigE ports, right?  Otherwise you're going to drop packets before they make it out the FE port.

You also may as well set the destination port to "switchport mode access" (or trunk depending on whether you want VLAN tags to be transmitted or not), though I'd be surprised if that helped.

-Ian

On Tue, Sep 30, 2008 at 12:46 AM, SMITH, RICHARD S (RICH), ATTLABS <rsmith62@xxxxxxx> wrote:
Has anyone set up monitoring on a GE link through a CISCO 3550?  I can't get traffic to show up on the monitor port where I have Wireshark running.  I've got two GE links and a FE link for the monitor.  All three are configured with "switchport mode dynamic desirable", source for SPAN are the rx of each GE and destination is the FE port.  Any suggestions on how get this set up to work?
 
Thanks,

Rich Smith

Principal Member of Technical Staff

AT&T Labs

Phone - 732-391-3494

 

_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-users