Ethereal-users: RE: [Ethereal-users] Strange Ethereal Issue when port spanning/mirroring

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Craig Wicker" <CWicker@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 18 Jul 2006 14:58:55 -0400
On the switches I have, here is the command to span a port.
There is a selection of rx|tx [both] (received/transmit or both) as related to which direction of packet travel to capture.
My command normally looks like this:
'set span Gigabit 3/6 Gigabit 7/4 both inpkts enable';  with a negative to stop the span: 'set span disable'.
 

switch (enable) set span

Usage: set span disable [dest_mod/dest_port|all]

             Set span <src_mod/src_ports…|src_vlans…|sc0>

                                    <dest_mod/dest_port> [rx|tx|both]

                                    [inpkts <enable|disable]

                                    [learning <enable|disable>]

                                    [multicast <enable|disable]

                                    [filter <vlan…>]

                                    [create]

 

Craig Wicker
Hooker Furniture Corp
Network Administrator
Ext 3020

 

From: ethereal-users-bounces@xxxxxxxxxxxx [mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of Ken Young
Sent: Tuesday, July 18, 2006 11:23 AM
To: 'Ethereal user support'
Subject: [Ethereal-users] Strange Ethereal Issue when port spanning/mirroring

If have just rebuild my laptop and re-installed Ethereal v0.99.   Everything seemed to be fine when I was capturing the network traffic to and from the laptop, example when capturing a ping (default 4 requests):

 

I would capture the following 8 packets in the flow:

 

  1. Laptop – ICMP Request
  2. Destination – ICMP Reply
  3. Laptop – ICMP Request
  4. Destination – ICMP Reply
  5. Laptop – ICMP Request
  6. Destination – ICMP Reply
  7. Laptop – ICMP Request
  8. Destination – ICMP Reply

 

However when I setup port mirroring and capture a ping from Host A to Host B…I only capture the source Host traffic … in this case only the ICMP Requests.

 

Example:

 

Host A – ICMP Request

Host A – ICMP Request

Host A – ICMP Request

Host A – ICMP Request

 

The replies from Host B are not captured.   I know its not an issue with the switch or the port mirroring because I can connect another PC with Ethereal re-run the same test and capture all 8 packets.

 

I have also tried to install version 0.10.14 but also received the same issue.  I have also played around with different Intel NIC driver versions but no luck as of yet.

 

Also this is not an issue with only ICMP traffic, if I were to capture a FTP session I would see the same results – only source traffic.

 

Here are the details of my setup:

 

Dell Latitude - D505

OS - Win XP SP2

NIC - Intel Pro/100 VE

NIC Driver - 8.0.27.0 (1/12/2006)

 

 

Any suggestions I would greatly appreciate it…

 

Thanks In advance

 

 

 

_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users