
Wireshark-users: Re: [Wireshark-users] Understanding what I'm seeing

From: Chad Webb <Chad.Webb@xxxxxxxx>
Date: Wed, 10 Oct 2007 13:11:40 -0500
Removed SPAN configuration and reconfigured....

net-gig2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
net-gig2(config)#monitor session 1 source interface Gi0/21
net-gig2(config)#monitor session 1 destination interface Gi0/22
net-gig2(config)#^Z
net-gig2#
net-gig2#sh monitor
Session 1
---------
Type              : Local Session
Source Ports      :
    Both          : Gi0/21
Destination Ports : Gi0/22
    Encapsulation : Native
          Ingress : Disabled


net-gig2#


Port 21 has my work desktop (Windows XP) - 192.168.1.206
Port 22 has laptop with Wireshark installed (Windows XP) - 192.168.1.240

Capture packets in promiscuous mode is checked.

Packet capture started on interface connected to Cat5 cable and
reporting IP address in the interface details.

Packet captures show no traffic between 192.168.1.206 and actual
destinations (www.4thegame.com - 213.160.120.1).
When an HTTP attempt is made to www.4thegame.com (213.160.120.1) all I see is:

Source		Destination	Protocol	Info
127.0.0.1	213.160.120.1	ICMP		Echo (ping) request


Intertwined between the pings are the following packets:

Source		Destination	Protocol	
192.168.1.206	192.168.1.240	TCP (and others)

It appears anything destined for outside the network is shown as to the
destination IP of the monitor/analyzer.

This is the same for all traffic.  Am I missing something?  Should I
remove the IP address of the monitoring system?
I tried that before but with no positive results.


Giles Coochey said the following on 10/10/2007 9:58 AM:
>> Obviously the port monitoring is incorrect. Cisco does a great job of
>> being inconsistent across their product line (but don't tell that to the
>> layer 3 guys - most insist Cisco can do no wrong as an article of faith).
> 
> Are you sure that the port monitoring is wrong for a 3560?
> 
> Maybe I'm missing something.
> 
> Giles

-- 
Chad S. Webb
Systems Administrator
General Dynamics Information Technology
NOAA\NESDIS\NCDDC
Bldg 1100 Rm 117
Stennis Space Center, MS 39529
Voice: 228.688.3808
Email: Chad.Webb@xxxxxxxx; chad.webb@xxxxxxxx
www.gdit.com