
How to set up Wireshark to read SPAN destination traffic

I am unable to get Wireshark to read a SPAN destination port that it is connected to.

I start with a PC connected by Ethernet to a switchport that has been placed in VLAN 100 with an SVI 100 in the same subnet. The port status is up/up. Pings work both ways.

I configure SPAN on the switch, and the port state changes to up/down. My understanding is that it is normal for the SPAN destination port to transition to up/down because it's in port mirroring mode. Pings on the VLAN continue to work.

I turn on Wireshark and select the Ethernet NIC for the PC.

I do some pings on the other VLAN 50, which includes the source port that I configured in SPAN. My understanding is that in theory Wireshark should pick up the ICMP traffic, but it doesn't see it.

I also try pings on VLAN 100 across the destination port, but this traffic is also not detected.

All I see in Wireshark are some ARP messages.

First question is, am I setting this up right in theory?

Second question is, if that is so, what is blocking Wireshark from working?
