Currently we are involved in Nice VoIP Infrastructure. We had a case where sniffer port was unable to receive data but wireshark shows packets receive.
Is it a current status of sniffer port?
Is it that wireshark is only capturing what switch port is throwing not what sniffer captures?
Your quick response will be highly appreciated.
asked 16 Jun '12, 04:09
I'm not really sure what you are asking, but here is my guess, based on the information you provided:
Maybe you did not connect wireshark to the monitor/mirror/span/sniffer port on the switch and you saw broadcast traffic in wireshark, as you do on any regular access port of a switch. Maybe it was traffic to/from your sniffer PC. To verify that, please tell us more about your sniffer (switch) setup and tell us what you saw in wireshark.
what do you mean by "what sniffer captures"? Wireshark IS the sniffer. Maybe you can tell us a bit more about your setup.
Did you check this: http://wiki.wireshark.org/CaptureSetup/Ethernet