Capturing FTP on mirrored port not working
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎09-23-2015 07:50 PM
Hi,We have Extreme Summit x450e (48-port) switches in our environment and I'm trying to capture FTP traffic between a copier on my network and a file server.
Thanks for listening and I appreciate any help.
- I mirrored the copier port
- Plugged a laptop into the mirrored port
- Started Wireshark capture in promiscuous mode
- Scanned a document on the copier which opens and FTP connection to our file server
- No FTP traffic appears in the capture
- Opened Wireshark on my laptop ... capturing in promiscuous mode
- established and FTP connection with the file server via CLI
- Observed FTP protocol in Wireshark capture (Success!)
- I mirrored my laptop port on the swtich
- Plugged a new laptop into the mirrored port
- Opened Wireshark on the new laptop... capturing again in promiscuous mode
- established an FTP connection from my laptop to the file server via CLI
- No FTP traffic captured
Thanks for listening and I appreciate any help.
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎09-24-2015 03:34 AM
Are you sure that the printer/scanner is doing FTP?
I did not have ever issue of "not seeing traffic" with port mirroring, but can be of course bug.
When you have the mirror configured, do you see other unicast traffic from the printer?
Take another computer and ping the printer. do you see the ping & pong in your wireshark? = this will give you a hint if only FTP is missing or the mirror does not work at all...
I did not have ever issue of "not seeing traffic" with port mirroring, but can be of course bug.
When you have the mirror configured, do you see other unicast traffic from the printer?
Take another computer and ping the printer. do you see the ping & pong in your wireshark? = this will give you a hint if only FTP is missing or the mirror does not work at all...
Regards
Zdeněk Pala
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎09-23-2015 09:52 PM
Hello Joe,
It would be helpful to see the mirror configuration; however, you can also double check the configuration. Typical mirror setup is as follows (utilizing the "DefaultMirror":
configure mirror defaultmirror add port (port you want to capture traffic from)
enable mirror defaultmirror to port (port you are connected to with Wireshark running)
Thanks
It would be helpful to see the mirror configuration; however, you can also double check the configuration. Typical mirror setup is as follows (utilizing the "DefaultMirror":
configure mirror defaultmirror add port (port you want to capture traffic from)
enable mirror defaultmirror to port (port you are connected to with Wireshark running)
Thanks
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎09-23-2015 09:40 PM
Hello Joe
I have not seen or maybe I don't remember this ever being an issue. Can you add your mirror config to the post to see how things are set up?
In general you set up the mirror port then you add the port you want to mirror to the mirror and all traffic should show up.
I will see if I can try it out.
Thanks
P
I have not seen or maybe I don't remember this ever being an issue. Can you add your mirror config to the post to see how things are set up?
In general you set up the mirror port then you add the port you want to mirror to the mirror and all traffic should show up.
I will see if I can try it out.
Thanks
P
