Switches, Hubs, and Modems
1748129 Members
3733 Online
108758 Solutions
New Discussion

Re: HP GbE2c mirroring problem, seeing only arp/broadcast

 
xavier8
Visitor

HP GbE2c mirroring problem, seeing only arp/broadcast

My goal is to have an NIDS (snort) running on one blade.

 

i try to mirror port 20 on port 5 (port 5 will run the NIDS)

 

Running  Version 5.2.8

 

Here is my config : 

 

 /c/pmirr/mirror ena
/c/pmirr/monport 5

add 1 both

/c/pmirr/monport 5

add 3 both

/c/pmirr/monport 5

add 20 both

/c/pmirr/monport 5

add 24 both

 

 /c/l2/stp 1/clear
/c/l2/stp 1/add 1 4 5 6 7 216 253

 

 /c/port 1

tag ena
pvid 216

/c/port 2

tag ena
pvid 216

/c/port 3

pvid 5

/c/port 4

pvid 5

/c/port 5

tag ena

 

 

the problem is, I see only arp and broadcast with tcpdump -n -i eth0.

 

 I know it's working a bit because when I add a port to port 5, i see the arp/broadcast that should be on this port, but not the IP traffic.

 

any clues ?

 

tx

 

1 REPLY 1
xavier8
Visitor

Re: HP GbE2c mirroring problem, seeing only arp/broadcast

I found the answer, I have specifically to put the interface in promisc mode with ifconfig. tcpdump is not doing the job itself. (contrary to the usual)