Port Mirror not showing packets

2024-06-18 09:40:26 - last edited 2024-06-20 05:08:30
Model: TL-SG108E  
Hardware Version: V6
Firmware Version: 1.0.0 Build 20211209 Rel.52369

Hey guys, so I did set up a port mirror, port 1 to be mirrored to port 6, and port 6 is in my server (Proxmox), and I have a Linux bridge for it, and I have it in Kali Linux to see the traffic going in/out from port 1, but Wireshark doesn't show anything useful from that interface: no pings, no DNS from IPs. All I see is random things like Realtek protocol and ARP, but nothing that I want.

 

 

As you can see in the image, ping doesn't show.

1 Accepted Solution
Re:Port Mirror not showing packets-Solution
2024-06-19 06:04:29 - last edited 2024-06-20 05:08:30

Hi @DaYroXy 

Thanks for posting in our business forum.

DaYroXy wrote

  @Clive_A Hey, thanks for replying. Of course I know that Wireshark is real-time. It doesn't matter if I use filters or not, there is no traffic that is mirrored; most of the traffic is just ARP.

And my setup is like this: I have my router connected to the switch on switch port 1, switch port 4 connected to Windows, switch port 3 connected to the server, and port 6 is the mirrored traffic, also plugged into the server, so all traffic from port 1 should be in port 6. I have both port 6 and 1 connected to Kali, and when I capture on the interface that is using port 6 I won't get the data that I really want, like ICMP or nmap for example. I want to set up an IDS on the mirrored data. So when pinging from Windows to the gateway, or anything that has to pass to the router first, it just doesn't get captured.

I would assume that this is a problem with your NIC or Wireshark.

As you have multiple NICs and VM, you should be careful with your setup. You are only getting the ARP and broadcast packets, which is not normal. You may not have selected the correct card.

I have a 105E and I don't think I am seeing the same thing. If you still cannot figure this out, I recommend you do a test with a regular PC and make sure you've selected the right card.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
4 Reply
Re:Port Mirror not showing packets
2024-06-19 01:51:01 - last edited 2024-06-19 01:53:41

Hi @DaYroXy 

Thanks for posting in our business forum.

You should use the filter icmp to find out if there is any ping.

You ping 4 times and the Wireshark results are real-time if you do not stop capturing. The ping may be pushed up.

 

And, your way of asking this is weird. You are using Windows and you ping 10.0.0.1, and showed me a picture of the Kali. I don't understand it. 

Do you misunderstand the mirroring and mirrored ports?

Re:Port Mirror not showing packets
2024-06-19 03:47:51 - last edited 2024-06-19 03:49:02

  @Clive_A Hey, thanks for replying. Of course I know that Wireshark is real-time. It doesn't matter if I use filters or not, there is no traffic that is mirrored; most of the traffic is just ARP.

And my setup is like this: I have my router connected to the switch on switch port 1, switch port 4 connected to Windows, switch port 3 connected to the server, and port 6 is the mirrored traffic, also plugged into the server, so all traffic from port 1 should be in port 6. I have both port 6 and 1 connected to Kali, and when I capture on the interface that is using port 6 I won't get the data that I really want, like ICMP or nmap for example. I want to set up an IDS on the mirrored data. So when pinging from Windows to the gateway, or anything that has to pass to the router first, it just doesn't get captured.

Re:Port Mirror not showing packets
2024-06-20 04:55:14 - last edited 2024-06-20 05:09:04

Hello! First of all, thank you for your response, and I'm sorry for the late reply. I think you may be correct: I did plug it into my own PC and tried to do stuff on the server, and in fact the traffic is mirrored. I'm not sure if the issue is from Proxmox or the NIC. These are the ones I have on the server: 4x Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 15), and when I tried on my PC, Intel Ethernet Connection I219-V, I got the traffic that I'm looking for. Kind of not sure where the problem could be, NIC or Proxmox.

*EDIT* Turns out the Proxmox Linux bridge was causing issues. I did pass it as PCI to the VM and now I can capture all traffic, thank you so much :))
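
The symptom in this thread (only ARP and broadcast frames on the capture interface) can be checked mechanically before an IDS is attached to a mirror port. The following is an added example, not part of the original posts: a Python sketch that classifies frames in a capture by destination MAC. The function names, MAC addresses and sample captures are constructed for illustration, and it assumes a classic little-endian pcap file (as written by tcpdump -w), not pcapng.

```python
import struct
from collections import Counter

BROADCAST = b"\xff" * 6

def frame(dst, src, ethertype):
    """Constructed sample frame: Ethernet header zero-padded to 60 bytes."""
    return (dst + src + struct.pack("!H", ethertype)).ljust(60, b"\x00")

def build_pcap(frames):
    """Wrap raw frames in a classic little-endian pcap (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def classify(pcap_bytes, my_mac):
    """Count frames by destination class; my_mac is the capture NIC's 6-byte MAC."""
    if len(pcap_bytes) < 24 or struct.unpack_from("<I", pcap_bytes)[0] != 0xA1B2C3D4:
        raise ValueError("only classic little-endian pcap is handled here")
    counts, off = Counter(), 24
    while off + 16 <= len(pcap_bytes):
        incl_len = struct.unpack_from("<I", pcap_bytes, off + 8)[0]
        pkt = pcap_bytes[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(pkt) < 14:
            counts["truncated"] += 1
        elif pkt[:6] == BROADCAST:
            counts["broadcast"] += 1
        elif pkt[0] & 1:                      # group bit set: multicast
            counts["multicast"] += 1
        elif pkt[:6] == my_mac:
            counts["unicast_to_me"] += 1
        else:
            counts["unicast_to_others"] += 1  # only visible if mirroring works
    return counts

def mirror_delivering(counts):
    """A working mirror shows unicast frames exchanged between other hosts."""
    return counts["unicast_to_others"] > 0

# Constructed locally administered MACs, not values from the thread.
SNIFFER, ROUTER, WINDOWS = (bytes.fromhex("02000000000" + d) for d in "123")
BRIDGED = build_pcap([frame(BROADCAST, ROUTER, 0x0806), frame(BROADCAST, ROUTER, 0x8899)])
MIRRORED = build_pcap([frame(BROADCAST, ROUTER, 0x0806),
                       frame(ROUTER, WINDOWS, 0x0800), frame(WINDOWS, ROUTER, 0x0800)])

if __name__ == "__main__":
    for name, cap in (("bridged", BRIDGED), ("mirrored", MIRRORED)):
        print(name, dict(classify(cap, SNIFFER)))
```

A capture that contains broadcast and multicast frames but no unicast frames addressed to other hosts matches what was seen through the bridge; after the NIC was passed through to the VM, unicast frames between other hosts would be expected.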