
Wireshark-users: Re: [Wireshark-users] Understanding what I'm seeing



From: Rafael.Almeida@xxxxxxxxxx
Date: Wed, 10 Oct 2007 13:25:26 -0200


Issue the "sh monitor" command and check whether the port monitor is monitoring both directions of the port.


Rafael Sarres de Almeida
Seção de Gerenciamento de Rede
Superior Tribunal de Justiça
Tel: (61) 3319-9342




Chad Webb <Chad.Webb@xxxxxxxx>
Sent by: wireshark-users-bounces@xxxxxxxxxxxxx

10/10/2007 10:20

Please respond to: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>

To: wireshark-users@xxxxxxxxxxxxx
cc:
Subject: [Wireshark-users] Understanding what I'm seeing





I'm currently using version 0.99.6 on a Windows platform.

I have the following configuration set up on my Cisco 3560 switch.

monitor session 1 source interface Gi0/21 (Windows XP Desktop)
monitor session 1 destination interface Gi0/22 (Windows XP Laptop w/Wireshark application)

I start a capture, selecting the interface connected to the switch.  The
capture returns traffic, but all that I'm seeing is what appears to be
mostly ARP, Broadcast, DNS Queries and some UDP traffic (all expected).
What I'm not seeing is the TCP STREAMS.....I can see some TCP traffic
but not the entire stream....so I can't follow any of them.  For
example, I've been trying to uncover an issue with IMAP mail clients
having "network disconnects" to a remote server.  When I do anything in
my mail all I see is Echo traffic and Source = "localhost" and
destination is shown as the system on which my mail client resides.

Why can't I see the traffic across the switch like I'm expecting to?  Do
I have something misconfigured?  I haven't done this too often but I
thought I had once before and saw all of the traffic as normal.

Please help.

Thanks,

Chad Webb
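
The check suggested in the reply, as an added example that is not part of the original thread: a Python parser that reads "show monitor" output and flags SPAN source ports mirrored in only one direction. The sample output is constructed, modeled on the usual Catalyst layout, and the function names are hypothetical.

```python
import re

# Constructed sample modeled on Catalyst "show monitor session" output.
# The RX-only direction is an assumption chosen to show the failure case.
SAMPLE_RX_ONLY = """\
Session 1
---------
Type                   : Local Session
Source Ports           :
    RX Only            : Gi0/21
Destination Ports      : Gi0/22
    Encapsulation      : Native
          Ingress      : Disabled
"""

# Same session with the source mirrored in both directions.
SAMPLE_BOTH = SAMPLE_RX_ONLY.replace("RX Only", "Both   ")

_SESSION = re.compile(r"^Session\s+(\d+)\s*$")
_DIRECTION = re.compile(r"^\s+(RX Only|TX Only|Both)\s*:\s*(.+)$")


def span_directions(show_monitor_text):
    """Return {session_id: {port: direction}} for every SPAN source entry."""
    sessions, current = {}, None
    for line in show_monitor_text.splitlines():
        m = _SESSION.match(line)
        if m:
            current = sessions.setdefault(int(m.group(1)), {})
            continue
        m = _DIRECTION.match(line)
        if m and current is not None:
            # One direction line may list several ports separated by commas.
            for port in m.group(2).split(","):
                current[port.strip()] = m.group(1)
    return sessions


def one_way_sources(show_monitor_text):
    """List (session, port, direction) for sources not mirrored both ways."""
    return [(sid, port, direction)
            for sid, ports in sorted(span_directions(show_monitor_text).items())
            for port, direction in sorted(ports.items())
            if direction != "Both"]


if __name__ == "__main__":
    for sid, port, direction in one_way_sources(SAMPLE_RX_ONLY):
        print(f"session {sid}: {port} mirrored {direction}; "
              "captured TCP streams will be one-sided")
```

A source listed as "RX Only" or "TX Only" delivers just one half of each TCP conversation to the capture port, so stream reassembly in Wireshark cannot follow it.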