This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Cannot see all traffic on a span source vlan

0

I'm sending traffic to wireshark on a span port source vlan 110. I'm seeing traffic but only traffic on the VLAN. The destination is all broadcast and multicast. Why am I not seeing traffic to my other VLANS/Networks?

asked 25 Jul '14, 13:38

judgejudy's gravatar image

judgejudy
1222
accept rate: 0%

A few questions:

  • Are you applying any filters to your Wireshark trace? Note that a capture filter would need the "vlan" keyword to capture any traffic with 802.1q frames.
  • Are you sure your SPAN configuration is correct? Assuming Cisco IOS, does the output of "show port monitor" confirm the vlan in question has traffic forwarded to the interface you have the trace running on?
  • Note that vlan-based SPAN is only going to forward the traffic that this particular switch sees on this vlan, unless you've also configured remote SPAN sessions on upstream switches. For the traffic that you want to see, can you confirm if the traffic is on this switch or on another?
  • For the broadcast traffic you see, are these broadcasts for the vlan you have the monitor session for? If the port is a SPAN port, you should see no traffic other than what is being monitored coming toward you.
(26 Jul '14, 21:44) Quadratic