I have a cisco router with a port mirroring function. I set it up so my wifi traffic is being mirrored to a port in which my computer is connected to with wireshark running. This used to work for me back in the day, but I dont know why its not working anymore. Are their some sort of IP Address conflict that I may be running in to? Or some sort of setting that I am not aware of? I'm trying to get traces off of an Ipad connected to wifi, however im getting 0 packets even thought I am 100% sure its set up correctly.
asked 20 Sep '12, 14:42
First, welcome to Wireshark.
Wireshark places the interface in promiscous mode to sniff, which means it will receive every frame on the channel, if you're seeing nothing then it hasn't even come close to IP yet and there are more fundemental issuses to resolve.
Check your hardware isn't broken (check the cables and switch), recheck your set up of the mirror. If these two check out OK then you'll need to give us a lot more detail.
If you're using Windows for this then I'd suggest trying linux or unix as their network stacks are very well understood and highly documented, this would also rule out OS interaction.
It may be all round easier for you to just sniff the airwaves.
Passive WiFi sniffing is a bit of a dead donkey when it comes to debugging network issues as there's no way to account for the specific environment at the receiving antenna of interest, but is none the less very educational.
This would be the same for using a "mirrored" port, you would of couse know if the iPad was responding correctly, but not if it was receiving correctly.
So I guess it all depends on what you want to do with wireshark, just poke around to see what's happening, check out an unreliable communication channel or look at the specifics of a protocol implementation?
So long as it's not checking out an unreliable connection then you can get a laptop, connect to the WiFi and inhale every packet in the room.
answered 20 Sep '12, 16:03
I'm going to refer you to the cisco Admin manual: http://www.cisco.com/en/US/docs/routers/csbr/rv110w/administration/guide/rv110w_admin.pdf
"The LAN host (PC) should use a static IP address to avoid any issues with port mirroring"
Are you using a static IP on your PC?
answered 21 Sep '12, 16:39
Are you really sure? I don't see an option to mirror the Wifi traffic.
answered 24 Sep '12, 15:58
Kurt Knochner ♦