Hi all,

Hope someone has come across this before and can help me before I tear my hair out!

I have Wireshark set up on a Sony Vaio PCG-4N1M which has a Marvell Yukon 88E8055 NIC and am trying to packet sniff by linking it to a mirror output port on an HP 5400 series switch. I know Wireshark is installed correctly as I can see the packet count incrementing on the wireless NIC when I view 'Capture Interfaces'. However, when I link the Vaio to the mirror port through the wired NIC and a length of ethernet cable I get a zero packet count.

Below are the instructions I followed. I'm hoping I've made a daft mistake!

INSTRUCTIONS I FOLLOWED

The port I am monitoring is untagged on a VLAN called 'Inward'. I ensured the spare port I would be using as the mirror output port matched this configuration.

I then set up a mirror port on the 5400 series switch as follows:

    mirror-port <port>

where <port> is the port you want to use for the output.

To select the ports you want to monitor, use the command

    interface ethernet < monitor-list > monitor

where < monitor-list > includes port numbers and static trunk names such as a4, c7, b5-b8, and trk1.

Using the 'show monitor' command I checked the mirror port configuration is set up as it should be.

I then connect my monitoring PC (which is a Sony Vaio PCG-4N1M) to the mirror output port using a length of ethernet cable. This laptop has a Marvell Yukon 88E8055 NIC so I have made sure I have changed the registry as per the instructions on the Wireshark website. These are as follows:

You should add the DWORD SkDisableVlanStrip with value of 1 and the DWORD *PriorityVLANTag (including the star) with value of 0 under the registry key: "HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\000", where 000 is the number of the folder for the Marvell ethernet controller.

Finally I have unticked all the settings under the connection properties for the NIC to ensure Wireshark is only capturing traffic from the mirror output port.

asked 23 Sep '13, 01:17 TQMan
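A read-only check of the registry change quoted in the question, as an added example that is not part of the original post or of the Wireshark instructions. It assumes the adapter's numbered folder can be recognised by a DriverDesc value containing "Yukon"; that match pattern and the variable names are assumptions.

```powershell
# Added example: audits the two Marvell Yukon values named in the question.
# It only reads the registry and changes nothing.
$classKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}'

# Values and data as given in the quoted instructions.
$expected = [ordered]@{
    'SkDisableVlanStrip' = 1
    '*PriorityVLANTag'   = 0
}

# Assumption: the adapter's folder is identified by DriverDesc containing this text.
$pattern = 'Yukon'

$results = foreach ($sub in Get-ChildItem -LiteralPath $classKey -ErrorAction SilentlyContinue) {
    # Only the numbered adapter folders are of interest.
    if ($sub.PSChildName -notmatch '^\d+$') { continue }

    $desc = $sub.GetValue('DriverDesc')
    if ($desc -notmatch $pattern) { continue }

    foreach ($name in $expected.Keys) {
        # RegistryKey.GetValue takes the name literally, so the leading '*'
        # in *PriorityVLANTag is not treated as a wildcard.
        $actual = $sub.GetValue($name)

        [pscustomobject]@{
            Folder   = $sub.PSChildName
            Adapter  = $desc
            Value    = $name
            Expected = $expected[$name]
            Actual   = if ($null -eq $actual) { '<missing>' } else { $actual }
            Kind     = if ($null -eq $actual) { '-' } else { $sub.GetValueKind($name) }
            # Compared as text so that a string "1" and a DWORD 1 both match.
            Ok       = ($null -ne $actual) -and ("$actual" -eq "$($expected[$name])")
        }
    }
}

if (-not $results) {
    Write-Warning "No adapter folder with DriverDesc matching '$pattern' under $classKey"
} else {
    $results | Format-Table -AutoSize
}
```

A row with Ok = False or Actual = <missing> means the value was not set in the folder that belongs to the wired adapter, for example because it was added under a different numbered folder.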
One Answer:
Is the monitor port enabled? If you connect the Vaio to a "normal" network port, do you see broadcast traffic in Wireshark?

answered 30 Sep '13, 15:28 SYN-bit ♦♦
My apologies. I should have replied to this sooner.
The list of commands I entered into the CLI did not bring back any error message and (from checking through the CLI) all appeared to be set up OK.
However, when I tried enabling monitoring through the web console (after undoing everything I had done in the CLI) it all worked as it should.
Bizarre, but I'm happy it worked and Wireshark proved itself invaluable again.
Many thanks.