Issue the "sh monitor" command and check whether the port monitor is monitoring both directions of the port.
Rafael Sarres de Almeida
Network Management Section
Superior Tribunal de Justiça
Tel: (61) 3319-9342

Chad Webb <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
10/10/2007 10:20
Please respond to: Community support list for Wireshark <wireshark-users@wireshark.org>
To: wireshark-users@wireshark.org
cc:
Subject: [Wireshark-users] Understanding what I'm seeing

I'm currently using version 0.99.6 on a Windows platform. I have the following configuration set up on my Cisco 3560 switch.

    monitor session 1 source interface Gi0/21 (Windows XP Desktop)
    monitor session 1 destination interface Gi0/22 (Windows XP Laptop w/Wireshark application)

I start a capture, selecting the interface connected to the switch. The capture returns traffic, but all that I'm seeing is what appears to be mostly ARP, Broadcast, DNS Queries and some UDP traffic (all expected). What I'm not seeing is the TCP STREAMS.....I can see some TCP traffic but not the entire stream....so I can't follow any of them.

For example, I've been trying to uncover an issue with IMAP mail clients having "network disconnects" to a remote server. When I do anything in my mail all I see is Echo traffic and Source = "localhost" and destination is shown as the system on which my mail client resides.

Why can't I see the traffic across the switch like I'm expecting to? Do I have something misconfigured? I haven't done this too often but I thought I had once before and saw all of the traffic as normal.

Please help.

Thanks,
Chad Webb

_______________________________________________
Wireshark-users mailing list
Wireshark-users@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-users
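Added example (not part of the original messages, and not code from Wireshark or Cisco): a small Python check that reads "show monitor" output and flags SPAN source ports mirrored in only one direction, the condition the reply at the top of this thread asks about. The sample output is constructed, its layout is an assumption about how a Catalyst switch prints monitor sessions, and the function names are hypothetical.

```python
import re

# Constructed sample; the layout is an assumption about Catalyst "show monitor" output.
SAMPLE = """\
Session 1
---------
Type                   : Local Session
Source Ports           :
    RX Only            : Gi0/21
Destination Ports      : Gi0/22
    Encapsulation      : Native

Session 2
---------
Type                   : Local Session
Source Ports           :
    Both               : Gi0/5,Gi0/7
Destination Ports      : Gi0/8
"""

DIRECTIONS = {"rx only": "rx", "tx only": "tx", "both": "both"}

def parse_span_sources(text):
    """Return {session_id: {direction: [ports]}} for SPAN source ports."""
    sessions, current, in_sources = {}, None, False
    for line in text.splitlines():
        m = re.match(r"\s*Session\s+(\d+)\s*$", line)
        if m:
            current = sessions.setdefault(int(m.group(1)), {})
            in_sources = False
            continue
        if current is None or ":" not in line:
            continue  # separators, blank lines, text before the first session
        key, value = (part.strip() for part in line.split(":", 1))
        if key.lower() == "source ports":
            in_sources = True  # direction lines follow, indented
        elif in_sources and key.lower() in DIRECTIONS:
            ports = [p.strip() for p in value.split(",") if p.strip()]
            current.setdefault(DIRECTIONS[key.lower()], []).extend(ports)
        else:
            in_sources = False  # any other key ends the source-port block
    return sessions

def one_way_sources(text):
    """List (session, direction, port) for sources mirrored in one direction only."""
    return [(sid, d, p)
            for sid, dirs in sorted(parse_span_sources(text).items())
            for d, ports in sorted(dirs.items()) if d != "both"
            for p in ports]
```

A source port reported as rx-only or tx-only delivers only one side of each TCP conversation to the destination port, so streams cannot be followed in the capture.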