Ask Your Question

Revision history [back]

Server 2012 R2 Not Capturing Monitor-Session Packets

Hi All,

I've configured a monitor session on a Cisco NCS5501, that is dumping the mirrored traffic to a HP Proliant G8 running Server 2012 R2 on NIC #2.

I can blatantly see that the monitor session is sending traffic to NIC 2 on the server, but WireShark doesn't pick up any incoming traffic,

I've tried installing 3.0.1 & 2.6.8 - same behavior... I have Wireshark running at a remote site on a laptop (same monitor session configuration, and that is not having any issues capturing the traffic.

Any thoughts?

Port traffic stats: GigabitEthernet0/0/0/22 is up, line protocol is up Interface state transitions: 3 Hardware is GigabitEthernet, address is 00bc.602e.7458 (bia 00bc.602e.7458) Description: WIRESHARK INTERFACE; HP PROLIANT - NIC2 Layer 2 Transport Mode MTU 1514 bytes, BW 1000000 Kbit (Max: 1000000 Kbit) reliability 255/255, txload 0/255, rxload 0/255 Encapsulation ARPA, Full-duplex, 1000Mb/s, TFD, link type is force-up output flow control is off, input flow control is off Carrier delay (up) is 10 msec loopback set (Internal), Last link flapped 00:53:58 Last input never, output 00:00:00 Last clearing of "show interface" counters never 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 10000 bits/sec, 18 packets/sec 0 packets input, 0 bytes, 0 total input drops 0 drops for unrecognized upper-level protocol Received 0 broadcast packets, 0 multicast packets 0 runts, 0 giants, 0 throttles, 0 parity 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 60945 packets output, 4525868 bytes, 0 total output drops Output 2 broadcast packets, 81 multicast packets 0 output errors, 0 underruns, 0 applique, 0 resets 0 output buffer failures, 0 output buffers swapped out 3 carrier transitions

click to hide/show revision 2
None

Server 2012 R2 Not Capturing Monitor-Session Packets

Hi All,

I've configured a monitor session on a Cisco NCS5501, that is dumping the mirrored traffic to a HP Proliant G8 running Server 2012 R2 on NIC #2.

I can blatantly see that the monitor session is sending traffic to NIC 2 on the server, but WireShark doesn't pick up any incoming traffic,

I've tried installing 3.0.1 & 2.6.8 - same behavior... I have Wireshark running at a remote site on a laptop (same monitor session configuration, and that is not having any issues capturing the traffic.

Any thoughts?

Port traffic stats:
GigabitEthernet0/0/0/22 is up, line protocol is up 
  Interface state transitions: 3
  Hardware is GigabitEthernet, address is 00bc.602e.7458 (bia 00bc.602e.7458)
  Description: WIRESHARK ***WIRESHARK INTERFACE; HP PROLIANT - NIC2 NIC2***
  Layer 2 Transport Mode
  MTU 1514 bytes, BW 1000000 Kbit (Max: 1000000 Kbit)
     reliability 255/255, txload 0/255, rxload 0/255
  Encapsulation ARPA,
  Full-duplex, 1000Mb/s, TFD, link type is force-up
  output flow control is off, input flow control is off
  Carrier delay (up) is 10 msec
  loopback set (Internal),
  Last link flapped 00:53:58
  Last input never, output 00:00:00
  Last clearing of "show interface" counters never
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 10000 bits/sec, 18 packets/sec
     0 packets input, 0 bytes, 0 total input drops
     0 drops for unrecognized upper-level protocol
     Received 0 broadcast packets, 0 multicast packets
              0 runts, 0 giants, 0 throttles, 0 parity
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     60945 packets output, 4525868 bytes, 0 total output drops
     Output 2 broadcast packets, 81 multicast packets
     0 output errors, 0 underruns, 0 applique, 0 resets
     0 output buffer failures, 0 output buffers swapped out
     3 carrier transitions