Port mirroring and Wireshark

First do you need to setup port mirroring on a switch in order to capture everything on the network or just a NIC running in promiscuous mode?

Tried to setup port mirroring on a Netgear switch: (Spare switch)
Connected the corporate network to the source port (flat network setup, no VLANs)
Connected the sniffing PC to the designation port

Could not connect to the corporate network.
Tried to configure a static but still could not communicate through the source/destination ports.  However if the PC was plugged into any other port then I could access the network.
WebccAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

arnoldCommented:
Port mirroring needs to be setup on the switch where the data is not on a secondary switch as it will only mirror data received.

Main switch port 1 is the feed from the router.
You would configure port x as a mirror of port 1.
You connect your wireshark system to port X and see everything that flows in and out of the network.
0
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
Port mirroring only mirrors a single port, not all the traffic on the switch (with exception of VLANs, which can be mirrored as a whole). Depending on the amount of traffic mirrored, the mirror port will not be usable for any regular traffic.
0
WebccAuthor Commented:
If I just plug in without mirroring will I be able to see all traffic or just traffic to and from my computer?
0
arnoldCommented:
On a switch you would commonly see broadcasts, multicasts and what is directed to and is being sent from your system.
0
Fred MarshallPrincipalCommented:
Assuming a switch with a single LAN connecting all the ports.
Then, when you set up a mirror port, that port is *disconnected* from the other ports completely.  It's as if it's on its own VLAN.
Then, when you mirror a LAN port or ports INTO the mirror, you will see only the things that are mirrored.

What I do is this:
1) Set up a workstation on the LAN for general network management purposes.
2) Add a NIC to that computer to monitor mirror ports.  For this NIC it need not have an IP address at all and you can turn off TCP/IP.  It's only job is to listen to what's on the switch mirror port.
3) Add a cable from the mirror port to the added NIC.

So, you need a separate cable to access any mirror port.

With the two NICs (or more) you can have access to the LAN and the internet using the normal NIC on the workstation AND you will have access to any connected mirror port using one of the added NICs.

Wireshark can be set to monitor any of the NICs.

Another approach is to take a laptop to the switch and connect a cable from the laptop to the mirror port on the switch.  You won't expect for the laptop to be on the LAN or to see the internet.  It will only see what's directed to the mirror port on the switch.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Analysis

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.