Wireshark · Ethereal-users: Re: [Ethereal-users] Monitoring Cisco Router using Ethereal

[Guy Harris <guy@xxxxxxxxxx>]

> 	I´m trying to capture snmp traps(linkdown) on a Cisco Router
> (AS5800) using Ethereal.  Well, i configured the router but Ethereal
> didnt get a thing.
> 	Has anyone had experience with that? Is Ethereal capable of
> capturing these traps?

Ethereal's *capable* of capturing any packet that it can get from the
underlying packet capture mechanism.  There's nothing particularly
special about SNMP traps.

However, if the trap wasn't sent to the machine that was running
Ethereal (or tcpdump, or Network Associates' Sniffer, or Microsoft
Network Monitor, or KSnuffle, or...), the packet can be captured by the
underlying packet capture mechanism only if

	the packet is sent on a network the machine running the packet
	capture program is on;

	the network isn't switched (i.e., the machine running the packet
	capture program isn't plugged into a switch or switching hub),
	or the port into which that machine is plugged is set up to see
	all traffic on the switched network (some switches let you do
	that; how it's done depends on the switch, and I don't know the
	details of how to do that for any switch);

	the capture program is configured to put the network interface
	into promiscuous mode (note that promiscuous-mode captures may
	not work with Ethereal 0.8.18 if you're running in "Update list
	of packets in real time" mode; there is a workaround, but you'd
	probably be better off just getting the recently-released 0.8.19
	release, which fixes that bug);

	the network interface's driver supports promiscuous mode;

	the network interface itself supports promiscuous mode.