ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-users: Re: [Wireshark-users] Looking for some help or advice with an issue

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Charles.Neff@xxxxxxxxxx
Date: Tue, 8 Apr 2008 17:49:10 -0500

Not using any EtherChannels.  The thing that seems troubling to me is the fact that using the same equipment, server, and programs, plain telnet traffic shows up just fine, both directions.  The only difference between this case and the one where I have issues is the POS program that is running on the server.  Could it be changing the packets in any way that would cause them to not be picked up by WireShark?  and if so, what is it changing them to, and how can it be fixed?

_charley



Alan Emery <ademery@xxxxxxxxxx>
Sent by: wireshark-users-bounces@xxxxxxxxxxxxx

04/08/2008 04:15 PM
Please respond to
Community support list for Wireshark           <wireshark-users@xxxxxxxxxxxxx>
To
Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
cc
Subject
Re: [Wireshark-users] Looking for some help or advice with an issue





Scanning through the information sent so far raises the question of whether you are using some type of EtherChannel bundling for uplinks. If so, and you are only spanning one of the links in the bundle to your Wireshark port, you might see the behavior identified. Depending on the algorithm in use by the switch, you might see traffic in one direction on the link you selected, and not traffic in the opposite direction. If the algorithm does any kind of dynamic allocation, it may explain why it appears that devices are coming and going as they are allocated or removed from the link in the bundle you are watching.

Verify whether you are using a EtherChannel bundling path technology on the switch you are monitoring. If so, you need to monitor all the pipes in the bundle, but watch out for oversubscription of the monitor port you have attached Wireshark to.

Alan Emery

Global Solution Center
1177 S Beltline Road, Coppell, TX 75019
ademery@xxxxxxxxxx _______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube