
Wireshark-users: Re: [Wireshark-users] Understanding what I'm seeing

Date: Wed, 10 Oct 2007 07:50:16 -0700
Obviously the port monitoring is incorrect. Cisco does a great job of 
being inconsistent across their product line (but don't tell that to the 
layer 3 guys - most insist Cisco can do no wrong as an article of faith). 
Here's a link that should help:
http://books.google.com/books?id=77h9SA94kasC&pg=PA328&lpg=PA328&dq=port+monitor+cisco+3560&source=web&ots=ZK2JCo6gfB&sig=r8_mVVz8aNciDd4cpvNYlKcuLdY

or go to the official documentation:
http://www.cisco.com/warp/public/473/41.html


Randy Grein
Network Engineer





Chad Webb <Chad.Webb@xxxxxxxx>
Sent by: wireshark-users-bounces@xxxxxxxxxxxxx
10/10/2007 06:20 AM
Please respond to: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Understanding what I'm seeing

I'm currently using version 0.99.6 on a Windows platform.

I have the following configuration set up on my Cisco 3560 switch.

monitor session 1 source interface Gi0/21 (Windows XP Desktop)
monitor session 1 destination interface Gi0/22 (Windows XP Laptop w/Wireshark application)

I start a capture, selecting the interface connected to the switch.  The
capture returns traffic, but all that I'm seeing is what appears to be
mostly ARP, Broadcast, DNS Queries and some UDP traffic (all expected).
 What I'm not seeing is the TCP STREAMS.....I can see some TCP traffic
but not the entire stream....so I can't follow any of them.  For
example, I've been trying to uncover an issue with IMAP mail clients
having "network disconnects" to a remote server.  When I do anything in
my mail all I see is Echo traffic and Source = "localhost" and
destination is shown as the system on which my mail client resides.

Why can't I see the traffic across the switch like I'm expecting to?  Do
I have something misconfigured?  I haven't done this too often but I
thought I had once before and saw all of the traffic as normal.

Please help.

Thanks,

Chad Webb