I could really use some help here. This is driving me crazy. if you need any other info please let me know. I've tried everything that I can think of and it seems like everything is set up right but it's just not sending the traffic to that other port with the USB adapter but I have confirmed that that USB adapter does work because I can assign an IP address and use it So I know it

 

Device Description	TL-SG108E
Firmware Version	1.0.0 Build 20211209 Rel.52369
Hardware Version	TL-SG108E 6.0

1. Goal

Capture all LAN and WAN-bound traffic from my home network using ntopng running inside a Proxmox VM, including unicast flows from all devices.

I let Co-Pilot lay out a good summary of the issue so I didn't forget anything.

2. Current Network Topology

                Router
                 │ (Port 1)
                 │
        ┌────────┴────────┐
        │  TL-SG108E 
to port 1
        └────────┬─────────┘
                 │
     ┌───────────┼──────────────┬───────────────┐
 Port 2        Port 3         Port 6
 Unmanaged     proxmox NIC0       proxmox NIC1
 switch        (vmbr0)        (vmbr1, mirror dest)
 (all clients)

Proxmox host (Nox)

• nic0 → vmbr0 → LAN
• enxc8a362371d6b → vmbr1 → mirror input

ntopng VM (Daniel)

• ens18 → vmbr0 → has IP
• ens19 → vmbr1 → no IP (sniff-only)

3. What I Have Already Verified

Below are the exact commands I ran and the stripped-down outputs that matter.

3.1 Proxmox host NICs

Command:

ip -br link show

Key output:

nic0 UP
enxc8a362371d6b UP PROMISC
vmbr0 UP
vmbr1 UP

3.2 Proxmox bridge membership

Command:

brctl show

Key output:

vmbr1: enxc8a362371d6b, tap102i1

This proves:

• enxc8a362371d6b (USB NIC) is the physical mirror input
• tap102i1 is Daniel’s ens19
• Therefore ens19 is connected to vmbr1

3.3 Network interface configuration (both devices)

Nox (Proxmox host)

Command:

cat /etc/network/interfaces

Key output:

auto lo
iface lo inet loopback

iface nic0 inet manual

auto vmbr0
iface vmbr0 inet static
    address 10.0.0.6/24
    gateway 10.0.0.1
    bridge-ports nic0
    bridge-stp off
    bridge-fd 0

auto vmbr1
iface vmbr1 inet static
    bridge-ports enxc8a362371d6b
    bridge-stp off
    bridge-fd 0

This confirms:

• vmbr0 = LAN bridge
• vmbr1 = mirror bridge
• vmbr1 has no IP (correct for sniffing)
• USB NIC is correctly enslaved to vmbr1

Daniel (ntopng VM)

Command:

cat /etc/network/interfaces

Key output:

auto lo
iface lo inet loopback

allow-hotplug ens18
iface ens18 inet dhcp

This confirms:

• Only ens18 is configured (correct — it has an IP)
• ens19 is not listed (correct — sniff-only interfaces should not have IP config)
• ens19 is still UP and usable, just not configured for IP

Only broadcast/multicast — no unicast.

3.4 Unicast filter test

Command:

tcpdump -i ens19 -nn -v not multicast and not broadcast

Output:

(no packets)

This confirms no unicast is being mirrored.

4. Switch Configuration (TL-SG108E port mirroring supported)

From my configuration:

• Port Mirror: Enabled
• Mirroring Port: Port 6
• Mirrored Ports:
  • Port 1 (router) — ingress+egress
  • Port 2 (unmanaged switch uplink) — ingress+egress

Even with Port 2 mirrored, no unicast appears.