Ethereal-users: RE: [Ethereal-users] mirrored/monitored/SPAN'd port not working
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: Mike Kelley <MikeK@xxxxxxxxx>
Date: Thu, 11 Sep 2003 11:34:35 -0600
This is what I get from "dmesg | grep promisc" & "ifconfig -a" eth0 is the
one currently plugged into a hub with the target but it is also the
interface I have used plugged into the FE 0/8 that is monitoring FE 0/3
<SNIP>
!
interface FastEthernet0/3
switchport trunk encapsulation dot1q
switchport trunk native vlan 11
switchport mode trunk
switchport voice vlan 111
!
<SNIP>
!
interface FastEthernet0/8
port monitor FastEthernet0/3
!
<SNIP>
Las_Cruces3524_1#sh port monitor
Monitor Port Port Being Monitored
--------------------- ---------------------
FastEthernet0/8 FastEthernet0/3
<SNIP>
[spike@localhost spike]$ dmesg | grep promisc
eth0: Setting promiscuous mode.
device eth0 entered promiscuous mode
device eth0 left promiscuous mode
eth0: Setting promiscuous mode.
device eth0 entered promiscuous mode
device eth0 left promiscuous mode
eth0: Setting promiscuous mode.
device eth0 entered promiscuous mode
device eth0 left promiscuous mode
eth0: Setting promiscuous mode.
device eth0 entered promiscuous mode
device eth0 left promiscuous mode
eth0: Setting promiscuous mode.
device eth0 entered promiscuous mode
device eth0 left promiscuous mode
eth0: Setting promiscuous mode.
device eth0 entered promiscuous mode
eth0: Setting promiscuous mode.
eth0: Setting promiscuous mode.
device eth0 left promiscuous mode
eth0: Setting promiscuous mode.
device eth0 entered promiscuous mode
eth0: Setting promiscuous mode.
eth0: Setting promiscuous mode.
eth0: Setting promiscuous mode.
eth0: Setting promiscuous mode.
device eth0 left promiscuous mode
eth0: Setting promiscuous mode.
device eth0 entered promiscuous mode
device eth0 left promiscuous mode
device eth1 entered promiscuous mode
device eth1 left promiscuous mode
eth0: Setting promiscuous mode.
device eth0 entered promiscuous mode
device eth0 left promiscuous mode
[spike@localhost spike]$ /sbin/ifconfig -a
cipsec0 Link encap:Ethernet HWaddr 00:00:00:00:00:00
BROADCAST MULTICAST MTU:1400 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
eth0 Link encap:Ethernet HWaddr 00:08:74:
inet addr:192.168.11.73 Bcast:192.168.11.255
Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:576557 errors:0 dropped:0 overruns:0 frame:0
TX packets:49 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:43357674 (41.3 Mb) TX bytes:7734 (7.5 Kb)
Interrupt:11 Base address:0xec80
eth1 Link encap:Ethernet HWaddr 00:40:05:
inet addr:192.168.11.81 Bcast:192.168.11.255
Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:333129 errors:0 dropped:0 overruns:0 frame:0
TX packets:124925 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:31761378 (30.2 Mb) TX bytes:12228323 (11.6 Mb)
Interrupt:11 Base address:0xb000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:565755 errors:0 dropped:0 overruns:0 frame:0
TX packets:565755 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:38652246 (36.8 Mb) TX bytes:38652246 (36.8 Mb)
[spike@localhost spike]$ /sbin/ifconfig eth0 -promisc
SIOCSIFFLAGS: Permission denied
[spike@localhost spike]$ su
Password:
[root@localhost spike]# /sbin/ifconfig eth0 promisc
[root@localhost spike]# /sbin/ifconfig eth1 promisc
[root@localhost spike]# /sbin/ifconfig -a
cipsec0 Link encap:Ethernet HWaddr 00:00:00:00:00:00
BROADCAST MULTICAST MTU:1400 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
eth0 Link encap:Ethernet HWaddr 00:08:74:
inet addr:192.168.11.73 Bcast:192.168.11.255
Mask:255.255.255.0
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:577043 errors:0 dropped:0 overruns:0 frame:0
TX packets:49 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:43394448 (41.3 Mb) TX bytes:7734 (7.5 Kb)
Interrupt:11 Base address:0xec80
--
Mike
-----Original Message-----
From: McNutt, Justin M. [mailto:McNuttJ@xxxxxxxxxxxx]
Sent: Thursday, September 11, 2003 9:53 AM
To: ethereal-users@xxxxxxxxxxxx
Subject: RE: [Ethereal-users] mirrored/monitored/SPAN'd port not working
Do a 'dmesg | grep promisc' and make sure the interface is actually going
into promiscuous mode. Also check the output of 'ifconfig -a'. You should
see confirmation there as well.
But I'll bet that the problem is that the port mirror is not set up
correctly, or that the port mirror is not working. There have been several
versions of code in which port mirrors act strangely...
--J
-----Original Message-----
From: Mike Kelley [mailto:MikeK@xxxxxxxxx]
Sent: Wednesday, September 10, 2003 4:41 PM
To: 'ethereal-users@xxxxxxxxxxxx'
Subject: [Ethereal-users] mirrored/monitored/SPAN'd port not working
I've spent over 8 hours researching and trying and RTFM'ing ... I had my
network admin mirror a port on our cisco switch. When I sniff the port all I
get is the broadcast messages or local traffic
I have read
http://www.ethereal.com/faq.html#q5.1
over and over ... I have manually (ifconfig ...) put the interfaces into
promiscuous mode.
What next to trouble shoot?
Thanks in advance
Mike
- Follow-Ups:
- RE: [Ethereal-users] mirrored/monitored/SPAN'd port not working
- From: Brandon Applegate
- RE: [Ethereal-users] mirrored/monitored/SPAN'd port not working
- Prev by Date: Re: [Ethereal-users] Automation of Ethereal
- Next by Date: RE: [Ethereal-users] stop capturing on condition
- Previous by thread: RE: [Ethereal-users] mirrored/monitored/SPAN'd port not working
- Next by thread: RE: [Ethereal-users] mirrored/monitored/SPAN'd port not working
- Index(es):
