Guys,
Can you tell me the syntax to start Wireshark to capture a port on a Netonix switch we have. We have a odd occurrence with a tower top switch we can't see it's IP but we can see it's MAC in the Mac Table show up.
We can scan the subnets and it is not showing up. Am looking to see if we can see it's MAC in wireshark and locate it's ip.
Thanks
Stu
Wireshark
- TowerTech
- Member
- Posts: 6
- Joined: Fri Feb 10, 2017 7:54 am
- Has thanked: 0 time
- Been thanked: 0 time
- CuninganReset
- Member
- Posts: 35
- Joined: Tue Jan 17, 2017 6:15 am
- Has thanked: 18 times
- Been thanked: 9 times
Re: Wireshark
You need to connect to any port of the switch and open Wireshark and listen to any packet.
Once you have a good list of packets filter by MAC
Once you have a good list of packets filter by MAC
-
sirhc - Employee
- Posts: 7419
- Joined: Tue Apr 08, 2014 3:48 pm
- Location: Lancaster, PA
- Has thanked: 1608 times
- Been thanked: 1325 times
Re: Wireshark
Or if you have latest firmware v1.4.7rc14 (which I hope you do) and you have Discovery service(s) turned on it can be discovered by UDP, LLDP, CDP protocols.
I am guessing you tried a reboot?
Of course it may have been damaged or failed in which case your going to have to climb.
Now of I was going to have a switch up on a tower where it is hard to get to I would make sure I had the latest MODs to help protect against ground current and static discharges especially if you do not have your tower ground rods bonded to your service ground rods.
All switches manufactured after September 2016 have the MODs.
Users can make the MODs themselves if they wish which is explained here: viewtopic.php?f=17&t=2584
The importance of bonding ground rods between tower grounds rods and electric service ground rods to insure no ground potential differnce as well as running a dedicated ground wires up to equipment is explained in these posts. This makes sure all ground potentials are the same and the Ethernet cables do not try to carry the ground current which EThernet Surge Protectors do not help against. And using Ethernet Surge Protectors with "PASSIVE" POE switches/devices can cause more harm than good because most work by clamping all wires to ground which makes a DEAD SHORT and you fry your switch port or worse. Most Ethernet Surge Protectors are designed to work with "ACTIVE" POE and POE Bricks which in either case will not damage them but "PASSIVE" POE is a differnt animal:
viewtopic.php?f=30&t=1816
viewtopic.php?f=30&t=188
viewtopic.php?f=30&t=1429
viewtopic.php?f=17&t=1786&start=30#p13447
https://community.ubnt.com/t5/airFiber/ ... rue#M31070
I am guessing you tried a reboot?
Of course it may have been damaged or failed in which case your going to have to climb.
Now of I was going to have a switch up on a tower where it is hard to get to I would make sure I had the latest MODs to help protect against ground current and static discharges especially if you do not have your tower ground rods bonded to your service ground rods.
All switches manufactured after September 2016 have the MODs.
Users can make the MODs themselves if they wish which is explained here: viewtopic.php?f=17&t=2584
The importance of bonding ground rods between tower grounds rods and electric service ground rods to insure no ground potential differnce as well as running a dedicated ground wires up to equipment is explained in these posts. This makes sure all ground potentials are the same and the Ethernet cables do not try to carry the ground current which EThernet Surge Protectors do not help against. And using Ethernet Surge Protectors with "PASSIVE" POE switches/devices can cause more harm than good because most work by clamping all wires to ground which makes a DEAD SHORT and you fry your switch port or worse. Most Ethernet Surge Protectors are designed to work with "ACTIVE" POE and POE Bricks which in either case will not damage them but "PASSIVE" POE is a differnt animal:
viewtopic.php?f=30&t=1816
viewtopic.php?f=30&t=188
viewtopic.php?f=30&t=1429
viewtopic.php?f=17&t=1786&start=30#p13447
https://community.ubnt.com/t5/airFiber/ ... rue#M31070
Support is handled on the Forums not in Emails and PMs.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.
- TowerTech
- Member
- Posts: 6
- Joined: Fri Feb 10, 2017 7:54 am
- Has thanked: 0 time
- Been thanked: 0 time
Re: Wireshark
Still need to know syntax to use wireshark that is loaded on my Ubuntu Laptop to get in and monitor a port on my Netonix Switch.
Can anybody help? Second request.
Can anybody help? Second request.
-
sirhc - Employee
- Posts: 7419
- Joined: Tue Apr 08, 2014 3:48 pm
- Location: Lancaster, PA
- Has thanked: 1608 times
- Been thanked: 1325 times
Re: Wireshark
Support is handled on the Forums not in Emails and PMs.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.
- TowerTech
- Member
- Posts: 6
- Joined: Fri Feb 10, 2017 7:54 am
- Has thanked: 0 time
- Been thanked: 0 time
Re: Wireshark
I have a Netonix Switch that we have lost IP for When I look it up in the mac table lookup this is what we get. It's a mid tower switch and would require a climb.
"ec-13-b2-91-38-ef 1 1 Netonix Unknown"
It shows MAC but no IP.
What is your advise to get the IP Sirhc?
"ec-13-b2-91-38-ef 1 1 Netonix Unknown"
It shows MAC but no IP.
What is your advise to get the IP Sirhc?
-
sirhc - Employee
- Posts: 7419
- Joined: Tue Apr 08, 2014 3:48 pm
- Location: Lancaster, PA
- Has thanked: 1608 times
- Been thanked: 1325 times
Re: Wireshark
I do not use wireshark a lot and only have used Wireshark on windows a few times and I know just enough to get by with Linux.
I am not super familiar with Wireshark but have been able to muddle my way through to achieve what I needed referencing the manual.
"If" you have your firmware up to date which you "should" and you have at least one discovery protocol turned on in the switch:
Current version v1.4.7rc14 (Which has all the bug fixed reported to date in v1.4.6)
UDB - Ubiquiti Discovery Protocol - Same program used to find UBNT devices
CDP - Cisco DIscovery Protocol
LLDP - Link Layer DIscovery Protocol
Then you can find the switch with a discovery program.
I am not super familiar with Wireshark but have been able to muddle my way through to achieve what I needed referencing the manual.
"If" you have your firmware up to date which you "should" and you have at least one discovery protocol turned on in the switch:
Current version v1.4.7rc14 (Which has all the bug fixed reported to date in v1.4.6)
UDB - Ubiquiti Discovery Protocol - Same program used to find UBNT devices
CDP - Cisco DIscovery Protocol
LLDP - Link Layer DIscovery Protocol
Then you can find the switch with a discovery program.
Support is handled on the Forums not in Emails and PMs.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.
-
lligetfa - Associate
- Posts: 1191
- Joined: Sun Aug 03, 2014 12:12 pm
- Location: Fort Frances Ont. Canada
- Has thanked: 307 times
- Been thanked: 381 times
Re: Wireshark
It is entirely possible that MAC does not have an IP. Do you not keep records of all your equipment MAC addresses?TowerTech wrote:I have a Netonix Switch that we have lost IP for When I look it up in the mac table lookup this is what we get. It's a mid tower switch and would require a climb.
"ec-13-b2-91-38-ef 1 1 Netonix Unknown"
It shows MAC but no IP.
What is your advise to get the IP Sirhc?
Probably it is used only on the broadcast domain and so doesn't need an IP.
-
mike99 - Associate
- Posts: 837
- Joined: Tue Nov 25, 2014 10:53 am
- Location: Quebec, Canada
- Has thanked: 95 times
- Been thanked: 245 times
Re: Wireshark
I would use port mirroring for this. Just connecting a PC to the switch won't allow to view all traffic, only broadcast. Only a hub allowed to see all traffic. You must mirror the traffic to a PC with wireshark.
- TowerTech
- Member
- Posts: 6
- Joined: Fri Feb 10, 2017 7:54 am
- Has thanked: 0 time
- Been thanked: 0 time
Re: Wireshark
Mike 99, Thank you!
I am hunting the script tp launch wireshark remote to afix it to one of the switch ports that is connected to the switch I am having issues finding the IP.
Reason is I can not locate the IP of the switch I need to get into and I need to use wireshark to attempt to sniff the packets on the port that missing switch is connected to since it's a tower top switch.
Do you by chance have the actual syntax I need to log on to the switch with wireshark remotely ? From what I gather it is syntax that launches wire-shark automatically and binds it to the port. (windows or linux I have both machines,)
I am hunting the script tp launch wireshark remote to afix it to one of the switch ports that is connected to the switch I am having issues finding the IP.
Reason is I can not locate the IP of the switch I need to get into and I need to use wireshark to attempt to sniff the packets on the port that missing switch is connected to since it's a tower top switch.
Do you by chance have the actual syntax I need to log on to the switch with wireshark remotely ? From what I gather it is syntax that launches wire-shark automatically and binds it to the port. (windows or linux I have both machines,)
Who is online
Users browsing this forum: No registered users and 1 guest