Hi there, I would like to connect my Wireshark to my HP 2510g-48 network switch so I can analyze the network traffic. I know the switch is capable of mirroring on specific ports. I have promiscuous mode set on my NIC. Can anyone advise me on which steps I need to take next in order to receive all network traffic on Wireshark? Thanks.
asked 30 Apr '12, 01:59 computer_guy
2 Answers:
May I suggest that you just look at the specific section inside the manual? At http://cdn.procurve.com/training/Manuals/2510G-MgmtCfg-Jun2008-59923095.pdf in Section B-23 (Google is your friend) you will find the details on how to configure port monitoring.
answered 30 Apr '12, 02:18 Landi
There are two steps you need for monitoring. First you need to configure the mirror-port, which is where your Wireshark will be capturing packets. You have set port 36 for this. Then you need to select the ports you wish to monitor. (In some models you can also select VLANs to monitor). When you have done that, a copy of traffic on the monitored port(s) (or VLANs) will be sent to the mirror-port.
answered 04 May '12, 16:58 martyvis
Thanks for your quick answer. I have already enabled monitoring on port 36. The cable from 36 goes into the system I have Wireshark on. Is there any way I can check that it is mirroring correctly? When I SSH onto the switch, it shows Monitoring Enabled: YES Monitoring Port: 36
Any help would be really good.
That depends on WHAT exactly you want to monitor - check IPs, VLAN tags etc. inside your Wireshark trace and see if the corresponding endpoints appear inside your data.
Ok, thanks. One last question. My switch is part of a stack. It is the commander switch. Does this mean if I monitor on my commander (Like I am doing), I will get traffic via wireshark for all four switches in my stack?
Good question. Since I don't know HP switches too well, I can only guess that you configure your port locally, meaning only on your current physical device, if there is no other configuration setting like e.g. a module/slot number or anything referring to one of the stacked devices, but that's just a guess.
If you enable monitoring on port 36, shouldn't you connect the sniffer to another port, the mirroring port?
Regards
Kurt
Kurt, thanks for your message. I believe that on HP switches, monitoring and mirroring are the same thing, so I have plugged the sniffer into the port configured as the monitoring port (36).
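
One way to run the check suggested in the comments above (look for the monitored endpoints, their IPs and VLAN tags in the trace), as an added example that is not part of the original thread. It assumes the capture was saved in classic pcap format with Ethernet framing; the function name `mirror_evidence` and all MAC and IP addresses in the sample are constructed for illustration.

```python
import struct
from collections import Counter

def mirror_evidence(pcap: bytes, own_mac: str):
    """Return (foreign_unicast, total_frames, Counter{(src_ip, dst_ip, vlan)})."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    own = bytes.fromhex(own_mac.replace(":", ""))
    foreign = total = 0
    flows, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(order + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 14:
            continue
        total += 1
        dst, src = frame[0:6], frame[6:12]
        etype, pos, vlan = struct.unpack("!H", frame[12:14])[0], 14, None
        if etype == 0x8100 and len(frame) >= 18:      # 802.1Q tag present
            vlan = struct.unpack("!H", frame[14:16])[0] & 0x0FFF
            etype, pos = struct.unpack("!H", frame[16:18])[0], 18
        # Unicast frame between two other stations: a NIC on a normal switch
        # port rarely sees these, a mirror port should see many.
        if (dst[0] & 1) == 0 and own not in (dst, src):
            foreign += 1
            if etype == 0x0800 and len(frame) >= pos + 20:
                ips = frame[pos + 12:pos + 20]
                flows[(".".join(map(str, ips[:4])),
                       ".".join(map(str, ips[4:])), vlan)] += 1
    return foreign, total, flows

# Constructed sample capture (not real traffic): 4 frames, capture NIC = OWN.
OWN = "00:11:22:33:44:55"
A, B = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
IP = bytes([0x45, 0, 0, 20, 0, 0, 0, 0, 64, 6, 0, 0, 10, 0, 0, 5, 10, 0, 0, 9])
FRAMES = [
    b"\xff" * 6 + A + b"\x08\x06" + bytes(28),              # broadcast ARP
    B + A + b"\x08\x00" + IP,                               # A -> B, untagged
    A + B + b"\x81\x00\x00\x0a\x08\x00" + IP,               # tagged, VLAN 10
    bytes.fromhex(OWN.replace(":", "")) + A + b"\x08\x00" + IP,  # to sniffer
]
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(
    struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in FRAMES)

if __name__ == "__main__":
    print(mirror_evidence(SAMPLE, OWN))
```

A capture that contains only broadcast, multicast and the sniffer's own traffic (a foreign unicast count near zero) suggests that no monitored ports are being copied to the mirror port.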