Networking Forums
Home Register Members Search Links
Member Login:

Networking Forums > Computer Networking > Linux Networking > mirrored port can't capture traffic in promisc mode

Reply
Thread Tools Display Modes

mirrored port can't capture traffic in promisc mode

 
 
Stuart Herd
Guest
Posts: n/a

 
      02-02-2004, 01:11 PM
hi all,

weird one here, i'll try to be as specific as possible...

redhat 8 w' updates
custom kernel 2.6.1

two nics connected to an extreme switch

eth0 - 192.168.2.1
eth1 = 192.168.5.253

eth1 is a monitoring port connected to a mirrored port on the switch
configured as it's own vlan

[root@monitor root]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:02:55:67:F7:E3
inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::202:55ff:fe67:f7e3/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1405684 errors:0 dropped:0 overruns:0 frame:0
TX packets:620107 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:241740537 (230.5 Mb) TX bytes:59998530 (57.2 Mb)
Interrupt:24

eth1 Link encap:Ethernet HWaddr 00:02:55:67:F7:E4
inet addr:192.168.5.253 Bcast:192.168.5.255
Mask:255.255.255.0 inet6 addr: fe80::202:55ff:fe67:f7e4/64
Scope:Link UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500
Metric:1 RX packets:55473093 errors:0 dropped:0 overruns:0
frame:0 TX packets:54 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3720189549 (3547.8 Mb) TX bytes:3924 (3.8 Kb)
Interrupt:25

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:311253
errors:0 dropped:0 overruns:0 frame:0 TX packets:311253 errors:0
dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX
bytes:127934020 (122.0 Mb) TX bytes:127934020 (122.0 Mb)

if i run a tcpdump -i eth1 i get tons of streaming traffic across the
console, it's obviously seeing all that it should and working well.

I am using a number of applications that take advantage of packet
analysis, i.e bandwidthd, snort and ntop. Unfortunately when i run any of
these programs they do not capture any of the traffic coming across the
port.
if i use eth0 as a test to capture data it does so no problem. I have
switched ip's on the nics and swapped out the cables reversing the setup.
Same thing happens so it's not the cards/drivers etc

Any ideas?

--

=======================================
<there is no number in my email address>
 
Reply With Quote
 
 
 
Reply

« resolving locally | VPN through Netwinder Office Server »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
NETMON 3.2 Capture HTTP and SQL Server Traffic Paul Landry Windows Networking 0 01-07-2009 03:30 AM
Netmon: How to capture traffic from a single app? douglasl Windows Networking 1 10-24-2008 08:58 AM
capture traffic and save it RicK_Murphy Linux Networking 6 09-06-2008 08:51 AM
function set packet capture promisc mode in linux? Xend Linux Networking 1 06-23-2008 08:29 PM
Kismet can't capture traffic with Netgear WG511T Àngel Català Linux Networking 0 07-25-2006 10:58 AM


Forum Software Powered by vBulletin®, Copyright Jelsoft Enterprises Ltd.
SEO by vBSEO 3.3.2 ©2009, Crawlability, Inc.
Contact Us - Archive - Privacy Statement - Top

1 2 3 4 5 6 7 8 9 10 11