[Winpcap-users] Filter mirrored traffic
Dennis Hückelheim
dennis.hueckelheim at gmail.com
Wed Aug 7 01:58:37 PDT 2013
Hello,
I'm tring to monitor a port on my backbone switch. Port mirroring is
enabled and running capture without any filter shows all subnets off this
port (192.168.11.0/24 wich is also the subnet of the monitoring client
itself and 192.168.12.0/24, 192.168.13.0/24, 192.168.14.0/24 and
192.168.15.0/24).
I'm interessted on all traffic but 192.168.15.0/24. So I tried to set the
filter to "not net 192.168.15.0/24". But it does not work, it still
monitors all traffic. Setting the filter to "net 192.168.15.0/24" does not
capture anything. I can only use a net-filter if the subnet is
192.168.11.0/24. If I use one of the other subnets, they are ignored.
Since all other subnets are mirrored, I think it's related to the
mirroring, but why? Or do I've an error in reasoning?
Kind regards,
Dennis
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.winpcap.org/pipermail/winpcap-users/attachments/20130807/5b97b3c4/attachment.html>
More information about the Winpcap-users
mailing list