Fibre Channel (SAN)

Reply
New Contributor
Posts: 3
Registered: ‎04-14-2011

Sniffing Fibre Channel Packets from Brocade Switch 200E

Hi,

I have Brocade 200E silkworm switch and i want to sniff the fibre channel packets so that i can see the login and link management packets/signals.

Can anyone tell me how shall i sniff the packets (Through GUI like wireshark or any other medium) as wireshark will not sniff the fabre channel packets/signals.

Thanks

Valued Contributor
Posts: 931
Registered: ‎12-30-2009

Re: Sniffing Fibre Channel Packets from Brocade Switch 200E

Hi it seems you've figured out how to open your own topic.

To give you an answer, you can't. You need an FC analyzer to do this, if you have on setup an mirrorport an off you go.

We do have commands like portlogshow which can give more info

External Moderator
Posts: 4,907
Registered: ‎02-23-2004

Re: Sniffing Fibre Channel Packets from Brocade Switch 200E

Hi ankur.goyal,

we have in this Community around 25000 Post.

I see you have just Post at 4 Time the same question.

Now, you can safely post another 24996

Have a Fun.

TechHelp24
Valued Contributor
Posts: 931
Registered: ‎12-30-2009

Re: Sniffing Fibre Channel Packets from Brocade Switch 200E

The command is a FOS command which you use in your favorite terminal program.

An analyser is a piece of hardware (or perhaps software) that you put in the datastream to analyse the packets.

I don't know where you can obtain one, but if you have an support contract perhaps your vendor will give you a loaner?

Occasional Contributor
Posts: 15
Registered: ‎03-31-2011

Re: Sniffing Fibre Channel Packets from Brocade Switch 200E

Ankur,

"Sniffing" frames on a FC network is not the same as on an Ethernet network. There's no equivalent promiscuous mode for nodes in a FC network, so you can't "listen" to all traffic moving through the network, from one node. You actually have to tap into the network between the source and destination ports you wish to analyze, and this is typically dedicated hardware, that you physically insert into the network. Once you can see the frames, you then need to have a, typically dedicated, high speed hardware and software FC frame analyzer, to analyze the frames. Some examples of frame analyzers include the Xgig Protocol Analyzer Family from JDSU, and the LeCroy FC Protocol Analyzers, (1, 2). BTW, to get an idea of what's involved, here is the class curriculum of a FC Frame Analysis class. I'm sure that there are many such classes available today.

Since it's not desirable to insert the FC Frame analyzer into the network each time you need to analyze the FC frames, (because each time you insert and remove it you interrupt the FC network flow), many times FC frame analyzers are accompanied by dedicated TAP, (Traffic Access Point), network hardware. This device is physically inserted into the network and when turned on, it copies all frames headed for a specific port, to a specific TAP port. Using TAP hardware means that the frame analyzer can be plugged into the TAPped port and then removed, without causing an interruption in the FC network flow. Of course to initially install the TAP hardware, you have to interrupt the network flow. For some, it's decided that it's better to install a permanent, network wide, tap infrastructure, like this device from Virtual Instruments, to go along with their frame analyzer, here.

In some cases, as dion.v.d.c pointed out, this need to TAP the line has been made easier by Brocade, and other FC switch vendors, by providing a Switched Port Analyzer (SPAN) feature, which copies most traffic going to a specific port, to another switch port, sometines called a mirror port. In that case the frame analyzer can be plugged into the SPAN switch port and analyze the traffic flow.

Finally dion.v.d.c also pointed out that in the Brocade Fabric Operating System (FOS), there are diagnostic features that while not a frame analyzer, they can provide some level of diagnostic information about the traffic flow over the FC network. The portlogshow command mentioned is one of those commands.

Good Luck,

Jason

Super Contributor
Posts: 635
Registered: ‎04-12-2010

Re: Sniffing Fibre Channel Packets from Brocade Switch 200E

Jason,

please keep in mind that TAPs will cause a major security issue as well because you can sniff frames without any notice to anybody.In general these boxes are connected to the wrong ports. Setting up a rover infrastructure is really an expensive tasks.

Did Brocade provide any features in 16G FC ASICs which help us to get more traffic information without the expensive FC analyzer? 

Thx Andreas

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.