INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Jobs

Jobs from Indeed

HP Procurve 2650 and wireshark

HP Procurve 2650 and wireshark

(OP)
Hi,

I'm not sure if I've understood port monitoring with my 2650 but if I want to monitor outgoing traffic via our Netgear router connected to the switch and:

  • the Netgear router is on port 45
  • my PC running wireshark is on port 8
Then I thought I could make port 8 the "monitoring port" and make port 45 the monitored port. If I do this though I don't see all traffic going through the router. Am I missing something? I'm basically trying to mmonitor all outbound traffic that goes through the router.

RE: HP Procurve 2650 and wireshark

Do a "show monitor" on the switch. What do you see?

Do you have the "Promiscuous mode" box ticked in Wireshark?

RE: HP Procurve 2650 and wireshark

(OP)
Thanks for the response, this is using the CLI, right? I've just been using the web interface so far. I'll see about luiniking it up to a PC so I can telnet in, run the command and report back. And yes, wireshark is in promiscuous mode.

RE: HP Procurve 2650 and wireshark

(OP)
Hi, connected via telent and got:

ProCurve Switch 2650# show monitor

Network Monitoring Port

Mirror Port: 8

Monitoring sources
------------------
45

However I don't seem to see any internet bound traffic coming from that port, the ip address that is "busy" is my own. Am I missing something in the way that this is supposed to work?

RE: HP Procurve 2650 and wireshark

(OP)
OK, so I'm trying to spread the net a bit further so I'm including extra monitoring sources to be mirrored to port 8 (the prt with my PC on running wireshark in promiscuous mode). So far I have the ports monitored for:

The Netgear router (default gateway)
The SBS Server which is also the nameserver
two PCs

So I should be seeing the traffic to and from all these ports, right? If I get one of the PCs to visit a particular website and filter by ip address that the domain resolves to in Wireshark e.g. ip.addr == x.x.x.x I don't get anything. It will however, pick up my own traffic from my machine if I then visit the website and apply this filter.

RE: HP Procurve 2650 and wireshark

Your machine running wireshark has to be patched to the mirror port.
If your PC is visiting websites, then it isn't on a mirror port.

RE: HP Procurve 2650 and wireshark

(OP)
Thanks Vince, I'm not sure I understand so I'll need to clarify.

I've checked the physical cabling and the office LAN socket that my PC is wired into ends up at Port 8 on the switch which is the mirror port. Are you saying it has to be DIRECTLY wired straight to that port and not via the network socket in the office which is wired back to the patch panel which in turn is wired into the switch on that port?

Thanks

Dan

RE: HP Procurve 2650 and wireshark

No, I'm not saying that.
When you said your PC was visiting websites, I momentarily misunderstood that you meant the PC you were running Wireshark on. I see that's not the case. I have no idea why you can't see the traffic that's being mirrored.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Resources

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close