neilfw (Aspirant)
Nov 13, 2017
Port mirroring on GS724TP
I have a GS724TP gigabit managed switch. I have enabled port mirroring as per the image below, but on the device connected to port g22, all I get is the broadcast traffic that I would have got anyway. Is there another setting elsewhere that has to be modified as well?
I am monitoring that port from an Ubuntu device with "tcpdump -i eth1"
Model Name: GS724TP
Hardware Version: 00.01.02
Boot Version: 1.0.1.0
Software Version: V5.2.0.11
4 Replies
- Hopchen (Prodigy)
Hi neilfw
From your picture it looks like the port mirror is done correctly. All traffic on port 5 is mirrored to port 22 and hence your Ubuntu machine in port 22 should see the traffic, using tcpdump.
The symptoms you describe could be because your NIC (on the Ubuntu machine) is not in promiscuous mode. Start tcpdump and see if the NIC enters promiscuous mode. You can check that with the ifconfig command.
It is debated here: https://ubuntuforums.org/showthread.php?t=2204171
Cheers
- neilfw (Aspirant)
Thanks for the configuration confirmation Hopchen. It was a right pain to debug, in the end built an Ubuntu laptop to fully test the port and not use the Ubuntu server instance it was patched to. It was in the end not a lack of promiscuous on either Ubuntu instance that was the issue, it was a lack of promiscuousness on the underlying virtualization layer. Citrix Xen does not act as a pass through even when a physical port is mapped uniquely to one host, so you need the following command executed in the Xen Hypervisor:

ovs-vsctl -- set Bridge xenbr1 mirrors=@m \
-- --id=@eth1 get Port eth1 \
-- --id=@vif1.1 get Port vif1.1 \
-- --id=@m create Mirror name=eth1-mirror select-dst-port=@eth1 \
select-src-port=@eth1 output-port=@vif1.1

Where the physical interface is eth1 on the Citrix Xen Hypervisor, and vif1.1 is the virtual interface applied to the host.
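
The mirror from the post above in parameterised form, together with the commands to audit and remove it (an added example, not part of the original post; the function names and the DRY_RUN switch are assumptions made here, and the bridge and port names are passed as arguments):

```shell
#!/bin/sh
# Added example: create, list and remove an Open vSwitch port mirror.
# Set DRY_RUN=1 to print the ovs-vsctl command line instead of running it.

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# mirror_add BRIDGE SRC_PORT OUT_PORT [NAME]
# Copies traffic received on and sent from SRC_PORT to OUT_PORT.
# NAME defaults to "<SRC_PORT>-mirror", matching the name used in the post.
mirror_add() {
    bridge=$1 src=$2 out=$3 name=${4:-$2-mirror}
    run ovs-vsctl \
        -- set Bridge "$bridge" mirrors=@m \
        -- --id=@src get Port "$src" \
        -- --id=@out get Port "$out" \
        -- --id=@m create Mirror name="$name" \
           select-dst-port=@src select-src-port=@src output-port=@out
}

# mirror_list
# Shows every Mirror record so that an unexpected traffic copy is visible.
mirror_list() {
    run ovs-vsctl list Mirror
}

# mirror_clear BRIDGE
# Detaches all mirrors from BRIDGE once the capture is finished.
mirror_clear() {
    run ovs-vsctl clear Bridge "$1" mirrors
}
```

Xen names guest interfaces vif<domain id>.<device index>, so the output port name changes when the guest restarts and the mirror has to be created again with the new name. Because a mirror hands a copy of all traffic on the source port to the guest, run mirror_clear when the capture is finished.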
- Hopchen (Prodigy)
Heya,
Glad you got it solved! Yes, I assumed it was some sort of promiscuous NIC issue when you only saw broadcast.
I recommend that you mark this thread as resolved for now.
Any problems - give us a shout! :)