[GRLUG] Capturing mirrored traffic from a trunk port

Adam Tauno Williams awilliam at whitemice.org
Fri Aug 6 14:37:49 EDT 2010


On Fri, 2010-08-06 at 13:19 +0000, Michael Mol wrote:
> On Tue, Jul 20, 2010 at 3:46 PM, Adam Tauno Williams
> <awilliam at whitemice.org> wrote:
> > I have a Cisco 2960GTC switch where port X is a trunk port (multiple
> > vLANs run between this port and subinterfaces on a Cisco 7200).  However
> > when I capture this traffic to port Y -
> > (config)#monitor session 1 source interface Gi0/X both
> > (config)#monitor session 1 destination interface Gi0/Y
> > - I believe I see all the traffic, but packets do not appear to have
> > vLAN 802.1q tags.  I'm capturing the traffic with Wireshark v1.2.1.
> > I've tried setting Gi0/Y to switchport trunk mode, to no effect.
> > Do I need to do something on the switch or is it possible the Ethernet
> > interface on the Linux workstation is stripping the tags?
> Is your kernel configured with 802.1q support? You may want to check that.

Already uncovered the grim truth.
<http://groups.google.com/group/mosg/browse_thread/thread/e781f994be3fe1a1?hl=en>

In brief - 
<quote>
It depends on the NIC, the NIC firmware, the driver, and the alignment
of the moon and planets. (A table enumerating the behaviors of various
adapters, firmware versions, and drivers might be useful. -Guy Harris)
</quote>

No such table exists and this 'feature' isn't documented anywhere for
any NIC I have.
-- 
Adam Tauno Williams <awilliam at whitemice.org> LPIC-1, Novell CLA
<http://www.whitemiceconsulting.com>
OpenGroupware, Cyrus IMAPd, Postfix, OpenLDAP, Samba
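
A way to check a saved capture for the symptom discussed in this thread, as an added example that is not part of the original message: it counts 802.1Q-tagged versus untagged Ethernet frames in a classic pcap file. The function names, helper names and sample frames are constructed for illustration.

```python
import struct
from collections import Counter

TPIDS = {0x8100, 0x88A8}  # 802.1Q C-tag and 802.1ad S-tag ethertypes

def vlan_summary(pcap_bytes):
    """Return (Counter of VLAN IDs, untagged frame count) for a classic pcap."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    linktype = struct.unpack_from(endian + "I", pcap_bytes, 20)[0]
    if linktype != 1:
        raise ValueError("link type is not Ethernet")
    vlans, untagged, off = Counter(), 0, 24
    while off + 16 <= len(pcap_bytes):
        _, _, incl_len, _ = struct.unpack_from(endian + "IIII", pcap_bytes, off)
        frame = pcap_bytes[off + 16 : off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14:
            continue  # truncated record, no full Ethernet header
        ethertype = struct.unpack_from("!H", frame, 12)[0]
        if ethertype in TPIDS and len(frame) >= 18:
            tci = struct.unpack_from("!H", frame, 14)[0]
            vlans[tci & 0x0FFF] += 1  # low 12 bits of the TCI are the VLAN ID
        else:
            untagged += 1
    return vlans, untagged

def build_frame(vlan=None):
    """Constructed test frame: broadcast dst, locally administered src, IPv4."""
    hdr = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    return hdr + tag + struct.pack("!H", 0x0800) + b"\x00" * 46

def build_pcap(frames):
    """Wrap constructed frames in a little-endian pcap with link type 1."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

# Constructed sample: two frames on VLAN 10, one on VLAN 20, one untagged.
SAMPLE = build_pcap([build_frame(10), build_frame(10), build_frame(20), build_frame()])

if __name__ == "__main__":
    tagged, untagged = vlan_summary(SAMPLE)
    print("tagged per VLAN:", dict(tagged), "untagged:", untagged)
```

A capture from a mirrored trunk port that reports every frame as untagged shows the behaviour described above: the tags were removed somewhere before the frames reached the capture file.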

