Ethernet Switches & Routers

Reply
Occasional Contributor
Posts: 11
Registered: ‎08-21-2011

Problem on using tcpdump on a Brocade FastIron mirror port.

Hi All

I am suffering a problem from a customer networks, so I need to run tcpdump on a linux host in order to capture traffics on four dedicated ports.

The servers and incoming connection are all connected to the FastIron, so I configured the mirror and monitor as below.

BR@sw01>sh mirror ethernet 4/21

Mirror port 4/21

  Input monitoring : (S2)  16  17  18  19

  Output monitoring : (S2)  16  17  18  19

Then I connected a linux host on port  e 4/21 in order to capture packet.

On the linux host, if I run the tcpdump without filter, all the packet can be captured. However, if I run the tcpdump with port filter, nothing is being captured. One thing I needed to point out is that I confirmed that the traffics with specific port  presented in the traffics.

below is the tcpdump command I used.

without filter

tcpdump -i eth1 -s 0

with filter

tcpdump -i eth1 port 1812 or port 1813 -s 0

I setup the same environment using Cisco Switch, and I do not find this problem.  I really hope is there anyone can help me to solve the problem.

Thanks

-paul

Occasional Contributor
Posts: 11
Registered: ‎08-21-2011

Re: Problem on using tcpdump on a Brocade FastIron mirror port.

anyone help?

Occasional Contributor
Posts: 12
Registered: ‎06-18-2011

Re: Problem on using tcpdump on a Brocade FastIron mirror port.

I don't think you have entered all the required configuration.  Below is an example from the Fastiron Configuration Guide for version 7.2.02f

Monitoring a port

To configure port monitoring on an individual port on a Brocade device, enter commands similar to

the following.

FastIron(config)#mirror-port ethernet 1/2/4

FastIron(config)#interface ethernet 1/2/11

FastIron(config-if-e1000-11)#monitor ethernet 1/2/4 both

Traffic on port e 1/2/11 will be monitored, and the monitored traffic will be copied to port e 1/2/4,

the mirror port.

New Contributor
Posts: 2
Registered: ‎04-07-2014

Re: Problem on using tcpdump on a Brocade FastIron mirror port.

I have the same problem mentioned above by rbking...

Frequent Contributor
Posts: 144
Registered: ‎11-07-2013

Re: Problem on using tcpdump on a Brocade FastIron mirror port.

if this is the exact same, then the error is in the tcpdump command missing any UDP filter.   If this is not the exact same please post a new meesage  to the forum.

 

Thanks

Michael.

Thanks
Michael
New Contributor
Posts: 2
Registered: ‎04-07-2014

Re: Problem on using tcpdump on a Brocade FastIron mirror port.

I don't understand at all what you mean.

 

Tcpdumd works fine with others port mirror created with others vendors like Cisco.

 

The configuration is exactly the same you mentioned above. If I execute:

 

tcpdump -i eth1 --> I get traffic.

 

tcpdump -i eth1 port 80 --> Nothing is printed out.

 

Thanks!!

 

Contributor
Posts: 54
Registered: ‎01-27-2010

Re: Problem on using tcpdump on a Brocade FastIron mirror port.

The tcpdump options can be tricky.  Google "tcpdump tutorial" for good examples.

 

Instead of 

 

tcpdump -i eth1 port 1812 or port 1813 -s 0

 try

 

tcpdump -i eth1 port 1812 or 1813 -s 0

 or instead you can use

 

tcpdump -i eth1 portrange 1812-1813 -s 0

 I think that FastIron mirror ports (at least in 7.2.02f) don't accept input.  So changing a tcpdump option will change tcpdump, not what comes out of the mirror port.   Hope this helps!

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.