
Ethereal-users: RE: [Ethereal-users] getting Ethereal to run on Windows

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Richard Lopez" <richard.lopez@xxxxxxxx>
Date: Wed, 22 Dec 2004 20:10:25 -0500
Here's what my Cisco config shows if I do a show monitor or part of the running config command;

era-2950#show monitor 
Session 1 
--------- 
Source Ports: 
RX Only: None 
TX Only: None 
Both: Fa0/1-23,Gi0/1-2 
Destination Ports: Fa0/24 


or from my running-config file I get; 

monitor session 1 source interface Fa0/1 - 23 , Gi0/1 - 2 
monitor session 1 destination interface Fa0/24 

If I plug a Linux box into port 24 I can see all traffic on the network, but from 2 different XP PCs and a Win 2K PC I only see broadcast traffic. Doesn't make sense. I have tried versions 10.7 and .8 and a couple of WinPcap versions also, with the same results each time.

Thanks,

Rick

>>> CWicker@xxxxxxxxxxxxxxxxxxx 12/21/04 16:12 PM >>>
I believe the switch port is not set up for monitoring network traffic. 
You know what port of the switch you are physically plugged into...so in
'enable' mode enter into configuration mode with the 'config t' command.
Then decide what port or VLAN (by default everyone is in VLAN1) you wish
to monitor. Next command for the switch would be 'interface fastethernet
0/2' (where 0/2 is the name of the port you are plugged into); then you
can make that port monitor other ports. Next command for this is
something like this: 'port monitor fastethernet 0/5' (where 0/5 is the
port you wish to monitor via port 0/2). You can change "0/5" to VLAN1 to
monitor the entire switch. The command to stop is: (after entering into
configuration mode; then access the monitoring port via the 'interface
fastethernet x/x' command) 'no port monitor fastethernet x/x'.


Craig Wicker
Systems Administrator
Hooker Furniture Corporation
Sniffer Certified Professional
CompTIA A+, N+
Microsoft MCP
Cisco CCNA
HP-UX
Remember - - - - -  "STRESSED"
spelled backward is "DESSERTS"

-----Original Message-----
From: Guy Harris [mailto:gharris@xxxxxxxxx] 
Sent: Tuesday, December 21, 2004 3:41 PM
To: Ethereal user support
Subject: Re: [Ethereal-users] getting Ethereal to run on Windows

Richard Lopez wrote:

> I'm a new user to Ethereal and trying to get it running on Windows XP.
> Whenever I start a new session the only traffic I see is spanning tree
> from the Cisco switch. I thought the problem was with the Catalyst
> 2950 switch not being properly configured for SPAN but I have
> exhausted all the possibilities in that area. That idea was reinforced
> when I put an old hub in the network instead of the switch and I could
> see traffic.
> However, if I run Ethereal from a Linux box connected to the port I
> have designated as the SPAN destination port I can see all network
> traffic which tells me that the switch is configured properly.

I.e., you plug a machine running Windows XP (or W2K) into that port, and
run Ethereal on it, and that instance of Ethereal sees only STP traffic
(probably because it's broadcast or multicast), but if you plug a Linux
machine into the *same* port, and run Ethereal on the Linux machine,
that instance of Ethereal sees all the traffic?

_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users
