Wireshark

Kick back and hang out in the lounge and talk about almost anything.
TowerTech
Member
 
Posts: 6
Joined: Fri Feb 10, 2017 7:54 am
Has thanked: 0 time
Been thanked: 0 time

Wireshark

Fri Feb 10, 2017 10:17 pm

Guys,

Can you tell me the syntax to start Wireshark to capture a port on a Netonix switch we have. We have a odd occurrence with a tower top switch we can't see it's IP but we can see it's MAC in the Mac Table show up.

We can scan the subnets and it is not showing up. Am looking to see if we can see it's MAC in wireshark and locate it's ip.

Thanks

Stu

CuninganReset
Member
 
Posts: 35
Joined: Tue Jan 17, 2017 6:15 am
Has thanked: 18 times
Been thanked: 9 times

Re: Wireshark

Wed Mar 15, 2017 11:42 am

You need to connect to any port of the switch and open Wireshark and listen to any packet.
Once you have a good list of packets filter by MAC

User avatar
sirhc
Employee
Employee
 
Posts: 7419
Joined: Tue Apr 08, 2014 3:48 pm
Location: Lancaster, PA
Has thanked: 1608 times
Been thanked: 1325 times

Re: Wireshark

Wed Mar 15, 2017 12:05 pm

Or if you have latest firmware v1.4.7rc14 (which I hope you do) and you have Discovery service(s) turned on it can be discovered by UDP, LLDP, CDP protocols.

I am guessing you tried a reboot?

Of course it may have been damaged or failed in which case your going to have to climb.

Now of I was going to have a switch up on a tower where it is hard to get to I would make sure I had the latest MODs to help protect against ground current and static discharges especially if you do not have your tower ground rods bonded to your service ground rods.

All switches manufactured after September 2016 have the MODs.

Users can make the MODs themselves if they wish which is explained here: viewtopic.php?f=17&t=2584

The importance of bonding ground rods between tower grounds rods and electric service ground rods to insure no ground potential differnce as well as running a dedicated ground wires up to equipment is explained in these posts. This makes sure all ground potentials are the same and the Ethernet cables do not try to carry the ground current which EThernet Surge Protectors do not help against. And using Ethernet Surge Protectors with "PASSIVE" POE switches/devices can cause more harm than good because most work by clamping all wires to ground which makes a DEAD SHORT and you fry your switch port or worse. Most Ethernet Surge Protectors are designed to work with "ACTIVE" POE and POE Bricks which in either case will not damage them but "PASSIVE" POE is a differnt animal:
viewtopic.php?f=30&t=1816
viewtopic.php?f=30&t=188
viewtopic.php?f=30&t=1429
viewtopic.php?f=17&t=1786&start=30#p13447
https://community.ubnt.com/t5/airFiber/ ... rue#M31070
Support is handled on the Forums not in Emails and PMs.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.

TowerTech
Member
 
Posts: 6
Joined: Fri Feb 10, 2017 7:54 am
Has thanked: 0 time
Been thanked: 0 time

Re: Wireshark

Sun Mar 19, 2017 11:19 pm

Still need to know syntax to use wireshark that is loaded on my Ubuntu Laptop to get in and monitor a port on my Netonix Switch.

Can anybody help? Second request.

User avatar
sirhc
Employee
Employee
 
Posts: 7419
Joined: Tue Apr 08, 2014 3:48 pm
Location: Lancaster, PA
Has thanked: 1608 times
Been thanked: 1325 times

Re: Wireshark

Sun Mar 19, 2017 11:32 pm

Support is handled on the Forums not in Emails and PMs.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.

TowerTech
Member
 
Posts: 6
Joined: Fri Feb 10, 2017 7:54 am
Has thanked: 0 time
Been thanked: 0 time

Re: Wireshark

Mon Mar 20, 2017 6:34 am

I have a Netonix Switch that we have lost IP for When I look it up in the mac table lookup this is what we get. It's a mid tower switch and would require a climb.

"ec-13-b2-91-38-ef 1 1 Netonix Unknown"

It shows MAC but no IP.

What is your advise to get the IP Sirhc?

User avatar
sirhc
Employee
Employee
 
Posts: 7419
Joined: Tue Apr 08, 2014 3:48 pm
Location: Lancaster, PA
Has thanked: 1608 times
Been thanked: 1325 times

Re: Wireshark

Mon Mar 20, 2017 8:41 am

I do not use wireshark a lot and only have used Wireshark on windows a few times and I know just enough to get by with Linux.

I am not super familiar with Wireshark but have been able to muddle my way through to achieve what I needed referencing the manual.

"If" you have your firmware up to date which you "should" and you have at least one discovery protocol turned on in the switch:

Current version v1.4.7rc14 (Which has all the bug fixed reported to date in v1.4.6)

UDB - Ubiquiti Discovery Protocol - Same program used to find UBNT devices
CDP - Cisco DIscovery Protocol
LLDP - Link Layer DIscovery Protocol

Then you can find the switch with a discovery program.
Support is handled on the Forums not in Emails and PMs.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.

User avatar
lligetfa
Associate
Associate
 
Posts: 1191
Joined: Sun Aug 03, 2014 12:12 pm
Location: Fort Frances Ont. Canada
Has thanked: 307 times
Been thanked: 381 times

Re: Wireshark

Mon Mar 20, 2017 10:57 am

TowerTech wrote:I have a Netonix Switch that we have lost IP for When I look it up in the mac table lookup this is what we get. It's a mid tower switch and would require a climb.

"ec-13-b2-91-38-ef 1 1 Netonix Unknown"

It shows MAC but no IP.

What is your advise to get the IP Sirhc?
It is entirely possible that MAC does not have an IP. Do you not keep records of all your equipment MAC addresses?

Probably it is used only on the broadcast domain and so doesn't need an IP.
Selection_012.jpg

User avatar
mike99
Associate
Associate
 
Posts: 837
Joined: Tue Nov 25, 2014 10:53 am
Location: Quebec, Canada
Has thanked: 95 times
Been thanked: 245 times

Re: Wireshark

Tue Mar 21, 2017 8:26 am

I would use port mirroring for this. Just connecting a PC to the switch won't allow to view all traffic, only broadcast. Only a hub allowed to see all traffic. You must mirror the traffic to a PC with wireshark.

TowerTech
Member
 
Posts: 6
Joined: Fri Feb 10, 2017 7:54 am
Has thanked: 0 time
Been thanked: 0 time

Re: Wireshark

Wed Mar 22, 2017 8:25 am

Mike 99, Thank you!

I am hunting the script tp launch wireshark remote to afix it to one of the switch ports that is connected to the switch I am having issues finding the IP.

Reason is I can not locate the IP of the switch I need to get into and I need to use wireshark to attempt to sniff the packets on the port that missing switch is connected to since it's a tower top switch.

Do you by chance have the actual syntax I need to log on to the switch with wireshark remotely ? From what I gather it is syntax that launches wire-shark automatically and binds it to the port. (windows or linux I have both machines,)

Next
Return to The Lounge

Who is online

Users browsing this forum: No registered users and 1 guest