Wireshark-users: Re: [Wireshark-users] Can Wireshark differentiate between multiple Cisco SPAN so
Hi Marty,
I don't see a way to do this.
I suppose if the four ports belonged to four different VLANs, and you
found a way to preserve VLAN tags across the SPAN function, then you
could split the four streams apart using Wireshark.
If the SPAN function inserted some sort of tag into each frame as it
went past, a tag which identified the source port, then Wireshark would
have something to chew on. But the SPAN function doesn't do this -- it
doesn't modify traffic as it performs is 'xeroxing' function.
So, all those frames will reach the SPAN function without any source
identifier ... the Nexus will transmit them out the SPAN port ... they
will arrive at Wireshark ... and Wireshark thus will have no way to
distinguish which frame came from where.
With these resources, I don't see a way to solve this problem.
Best,
--sk
Stuart Kendrick
FHCRC
On 9/5/2013 10:48 AM, Marty.Gramlick@xxxxxxxxxxxxxxx wrote:
I'm running a SPAN on a Cisco Nexus FEX 2248. The 4 ports I want to look at are on the same VLAN and the same FEX switch. Due to limitations with the Cisco hardware, they must all be part of the same monitor session. In other words I was hoping to SPAN each one individually, but in order to look at all of them they need to be in the same monitor session therefore they are going to 1 NIC on the Wireshark server. Is there anything embedded or anyway for Wireshark to resplit the traffic back into 4 separate traffic streams?
Thanks,
MARTY GRAMLICK
Senior Network Engineer, Specialist
The University of Chicago Medicine
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe