I am going to pull my hair out trying to figure out why I can only see broadcast type traffic in my packet captures. I have just started at a new company that uses all HP ProCurve switches. I have gone in and set the port to be mirrored, and the port to monitor from. When I connected my LAN cable, the Windows Network Adapter properties tell me I am receiving all kinds of packets, in the hundreds of thousands. When I start a new capture, all I get is broadcast type traffic (and not very much of it, certainly not hundreds of thousands of packets). I have tried 2 different Dell laptops with new installs of Wireshark and even 2 different versions. I have made sure no filters are in place, which there shouldn’t be with a default install, and I have made sure the Windows FW is turned off. The Promiscuous option is turned on…
I am not sure what else I am missing. I am trying to monitor the traffic going from our internal HP switch to our internal firewall. I know there is tons of traffic moving over that link, and the switch traffic light is blinking in sync with my monitor port light, so that, combined with how many packets Windows says are coming in, makes me believe the monitoring is working right. I did try a different switch to include just a regular access port for our mail gateway and still just broadcast traffic.
I have never had this problem before so I am really scratching my head. This should be such a basic thing, and it’s not working.
The only thing I am not familiar with is the HP switches as I have always used Cisco switches, but other than that… I’ve got nothing.