Ethereal-users: RE: [Ethereal-users] mirrored/monitored/SPAN'd port not working
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: Mike Kelley <MikeK@xxxxxxxxx>
Date: Thu, 11 Sep 2003 11:34:35 -0600
This is what I get from "dmesg | grep promisc" & "ifconfig -a" eth0 is the
one currently plugged into a hub with the target but it is also the
interface I have used plugged into the FE 0/8 that is monitoring FE 0/3
<SNIP>
!
interface FastEthernet0/3
switchport trunk encapsulation dot1q
switchport trunk native vlan 11
switchport mode trunk
switchport voice vlan 111
!
<SNIP>
!
interface FastEthernet0/8
port monitor FastEthernet0/3
!
<SNIP>
Las_Cruces3524_1#sh port monitor
Monitor Port Port Being Monitored
--------------------- ---------------------
FastEthernet0/8 FastEthernet0/3
<SNIP>
[spike@localhost spike]$ dmesg | grep promisc
eth0: Setting promiscuous mode.
device eth0 entered promiscuous mode
device eth0 left promiscuous mode
eth0: Setting promiscuous mode.
device eth0 entered promiscuous mode
device eth0 left promiscuous mode
eth0: Setting promiscuous mode.
device eth0 entered promiscuous mode
device eth0 left promiscuous mode
eth0: Setting promiscuous mode.
device eth0 entered promiscuous mode
device eth0 left promiscuous mode
eth0: Setting promiscuous mode.
device eth0 entered promiscuous mode
device eth0 left promiscuous mode
eth0: Setting promiscuous mode.
device eth0 entered promiscuous mode
eth0: Setting promiscuous mode.
eth0: Setting promiscuous mode.
device eth0 left promiscuous mode
eth0: Setting promiscuous mode.
device eth0 entered promiscuous mode
eth0: Setting promiscuous mode.
eth0: Setting promiscuous mode.
eth0: Setting promiscuous mode.
eth0: Setting promiscuous mode.
device eth0 left promiscuous mode
eth0: Setting promiscuous mode.
device eth0 entered promiscuous mode
device eth0 left promiscuous mode
device eth1 entered promiscuous mode
device eth1 left promiscuous mode
eth0: Setting promiscuous mode.
device eth0 entered promiscuous mode
device eth0 left promiscuous mode
[spike@localhost spike]$ /sbin/ifconfig -a
cipsec0 Link encap:Ethernet HWaddr 00:00:00:00:00:00
BROADCAST MULTICAST MTU:1400 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
eth0 Link encap:Ethernet HWaddr 00:08:74:
inet addr:192.168.11.73 Bcast:192.168.11.255
Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:576557 errors:0 dropped:0 overruns:0 frame:0
TX packets:49 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:43357674 (41.3 Mb) TX bytes:7734 (7.5 Kb)
Interrupt:11 Base address:0xec80
eth1 Link encap:Ethernet HWaddr 00:40:05:
inet addr:192.168.11.81 Bcast:192.168.11.255
Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:333129 errors:0 dropped:0 overruns:0 frame:0
TX packets:124925 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:31761378 (30.2 Mb) TX bytes:12228323 (11.6 Mb)
Interrupt:11 Base address:0xb000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:565755 errors:0 dropped:0 overruns:0 frame:0
TX packets:565755 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:38652246 (36.8 Mb) TX bytes:38652246 (36.8 Mb)
[spike@localhost spike]$ /sbin/ifconfig eth0 -promisc
SIOCSIFFLAGS: Permission denied
[spike@localhost spike]$ su
Password:
[root@localhost spike]# /sbin/ifconfig eth0 promisc
[root@localhost spike]# /sbin/ifconfig eth1 promisc
[root@localhost spike]# /sbin/ifconfig -a
cipsec0 Link encap:Ethernet HWaddr 00:00:00:00:00:00
BROADCAST MULTICAST MTU:1400 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
eth0 Link encap:Ethernet HWaddr 00:08:74:
inet addr:192.168.11.73 Bcast:192.168.11.255
Mask:255.255.255.0
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:577043 errors:0 dropped:0 overruns:0 frame:0
TX packets:49 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:43394448 (41.3 Mb) TX bytes:7734 (7.5 Kb)
Interrupt:11 Base address:0xec80
--
Mike
-----Original Message-----
From: McNutt, Justin M. [mailto:McNuttJ@xxxxxxxxxxxx]
Sent: Thursday, September 11, 2003 9:53 AM
To: ethereal-users@xxxxxxxxxxxx
Subject: RE: [Ethereal-users] mirrored/monitored/SPAN'd port not working
Do a 'dmesg | grep promisc' and make sure the interface is actually going
into promiscuous mode.� Also check the output of 'ifconfig -a'.� You should
see confirmation there as well.
�
But I'll bet that the problem is that the port mirror is not set up
correctly, or that the port mirror is not working.� There have been several
versions of code in which port mirrors act strangely...
�
--J
-----Original Message-----
From: Mike Kelley [mailto:MikeK@xxxxxxxxx]
Sent: Wednesday, September 10, 2003 4:41 PM
To: 'ethereal-users@xxxxxxxxxxxx'
Subject: [Ethereal-users] mirrored/monitored/SPAN'd port not working
I've spent over 8 hours researching and trying and RTFM'ing ... I had my
network admin mirror a port on our cisco switch. When I sniff the port all I
get is the broadcast messages or local traffic
I have read
http://www.ethereal.com/faq.html#q5.1
over and over ... I have manually (ifconfig ...) put the interfaces into
promiscuous mode.
What next to trouble shoot?
Thanks in advance
Mike
- Follow-Ups:
- RE: [Ethereal-users] mirrored/monitored/SPAN'd port not working
- From: Brandon Applegate
- RE: [Ethereal-users] mirrored/monitored/SPAN'd port not working
- Prev by Date: Re: [Ethereal-users] Automation of Ethereal
- Next by Date: RE: [Ethereal-users] stop capturing on condition
- Previous by thread: RE: [Ethereal-users] mirrored/monitored/SPAN'd port not working
- Next by thread: RE: [Ethereal-users] mirrored/monitored/SPAN'd port not working
- Index(es):