Currently we are involved in Nice VoIP Infrastructure. We had a case where sniffer port was unable to receive data but wireshark shows packets receive. Is it a current status of sniffer port? Is it that wireshark is only capturing what switch port is throwing not what sniffer captures? Your quick response will be highly appreciated. Thanks. Umar. asked 16 Jun '12, 04:09  umarfawad |
One Answer:
I'm not really sure what you are asking, but here is my guess, based on the information you provided:
Maybe you did not connect wireshark to the monitor/mirror/span/sniffer port on the switch and you saw broadcast traffic in wireshark, as you do on any regular access port of a switch. Maybe it was traffic to/from your sniffer PC. To verify that, please tell us more about your sniffer (switch) setup and tell us what you saw in wireshark.
what do you mean by "what sniffer captures"? Wireshark IS the sniffer. Maybe you can tell us a bit more about your setup. Did you check this: http://wiki.wireshark.org/CaptureSetup/Ethernet Regards answered 16 Jun '12, 04:43  Kurt Knochner ♦ edited 16 Jun '12, 04:46 |
