Wireshark-users: Re: [Wireshark-users] Listening on Port mirrored interface

From: "Luis Ontanon" <luis.ontanon@xxxxxxxxx>
Date: Sun, 18 Feb 2007 18:25:34 +0100
What about tcpdump, does it capture?
What happen if you run it as root, can you capture?
is /dev/ifname readable by the user you are trying to capture with?

On 2/18/07, William Murphy <William.Murphy@xxxxxxxxxxxxxxxxxx> wrote:
Hi All,

   Don't know if this is the correct board to put this too but hear goes anyway.
I am having problems listening for packets on my Sun Machine.

I have a F5 BIGIP switch on which I mirrored the traffic port(i.e.9) to another port 16 for listening and tracing. In port 16 bi run a cable to my Sun Solaris V440 machine. On this machine I simply plumb the interface to where the cable is, give it a dummy ip address,netmask and broadcast address and bring it up. Issue is when I run Tshark I see no packets.

Any ideas on what I have done wrong or even some tricks. When I connect my laptop instead of Sun server and run wireshark , then I can see packets that I want. I don't even give the laptop interface card a ip address, netmask and broadcast address and it still works.

William


--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan