We have Extreme Summit x450e (48-port) switches in our environment and I'm trying to capture FTP traffic between a copier on my network and a file server.
- I mirrored the copier port
- Plugged a laptop into the mirrored port
- Started Wireshark capture in promiscuous mode
- Scanned a document on the copier which opens and FTP connection to our file server
- No FTP traffic appears in the capture
OK. Let's see if I Wireshark can pick up the FTP traffic natively from my laptop, with no port mirroring
- Opened Wireshark on my laptop ... capturing in promiscuous mode
- established and FTP connection with the file server via CLI
- Observed FTP protocol in Wireshark capture (Success!)
OK. So it's not my config of Wireshark. It is picking up FTP traffic natively from my laptop. So let's mirror the port my laptop is on and try again
- I mirrored my laptop port on the swtich
- Plugged a new laptop into the mirrored port
- Opened Wireshark on the new laptop... capturing again in promiscuous mode
- established an FTP connection from my laptop to the file server via CLI
- No FTP traffic captured
This leads me to believe that there is something about the mirroring process on my switches that is not sending FTP traffic to a mirrored port. I know not everyone has Extreme switches, but has anyone heard of such behavior in their own environments?
Thanks for listening and I appreciate any help.