Ethereal-users: RE: [Ethereal-users] getting Ethereal to run on Windows

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Craig Wicker" <CWicker@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 21 Dec 2004 16:08:24 -0500
I believe the switch port is not set up for monitoring network traffic. 
You know what port of the switch you are physically plugged into...so in
'enable' mode enter into configuration mode with the 'config t' command.
Then decide what port or VLAN (by default everyone is in VLAN1) you wish
to monitor. Next command for the switch would be 'interface fastethernet
0/2' (where 0/2 is the name of the port you are plugged into); then you
can make that port monitor other ports. Next command for this is
something like this: 'port monitor fastethernet 0/5' (where 0/5 is the
port you wish to monitor via port 0/2). You can change "0/5" to VLAN1 to
monitor the entire switch. The command to stop is: (after entering into
configuration mode; then access the monitoring port via the 'interface
fastethernet x/x' command) 'no port monitor fastethernet x/x'.


Craig Wicker
Systems Administrator
Hooker Furniture Corporation
Sniffer Certified Professional
CompTIA A+, N+
Microsoft MCP
Cisco CCNA
HP-UX
Remember - - - - -  "STRESSED"
spelled backward is "DESSERTS"

-----Original Message-----
From: Guy Harris [mailto:gharris@xxxxxxxxx] 
Sent: Tuesday, December 21, 2004 3:41 PM
To: Ethereal user support
Subject: Re: [Ethereal-users] getting Ethereal to run on Windows

Richard Lopez wrote:

> I'm a new user to Ethereal and trying to get it running on Windows XP.

> Whenever I start a new session the only traffic I see is spanning tree

> from the Cisco switch. I thought the problem was with the Catalyst 
> 2950 switch not being properly configured for SPAN but I have 
> exhausted all the possibilities in that area. That idea was reinforced

> whenI put an old hub in the network instead of the switch and I could
see traffic.
> However, if I run Ethereal from a Linux box connected to the port I 
> have designated as the SPAN destination port I can see all network 
> traffic which tells me that the switch is configured properly.

I.e., you plug a machine running Windows XP (or W2K) into that port, and
run Ethereal on it, and that instance of Ethereal sees only STP traffic
(probably because it's broadcast or multicast), but if you plug a Linux
machine into the *same* port, and run Ethereal on the Linux machine,
that instance of Ethereal sees all the traffic?

_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users