



I want to use a port-mirroring switch to capture and analyze, on a Win10 PC, the VoIP traffic going to my VoIP phone on the same LAN segment. I hooked the phone to port 1 of a Netgear GS105E mirroring switch, configured the switch to mirror port 1 to port 2, and hooked the PC with Wireshark to port 2. The switch port 5 (WAN) is connected to the router.

When I start capturing VoIP traffic on the mirror port, the connection is quickly saturated by ICMP Redirect type 5 packets, which blocks the VoIP phone's access to the web. Ongoing traffic between the VoIP phone and the PC rises to 5-10 MB/s in each direction, despite no calls being in progress. As soon as I stop the capture, traffic drops to 0 and everything is back to normal, even with calls in progress. I tried blocking ICMP Redirects with the firewall, but they are still generated and saturate the link.

My questions: Is it a typical situation that mirrored traffic generates a DDoS flow of ICMP Redirect packets from the OS TCP stack? If yes, why is it not mentioned anywhere in the manuals of the mirrored switch or the Wireshark setup? How can I resolve the issue?

Why does the ICMP packet flow stop as soon as the capture stops, even though the switch keeps mirroring VoIP packets to the PC?

Can I use the same PC NIC to capture VoIP phone traffic and browse the web at the same time? Or is it better to capture SIP traffic on one NIC and browse the web via another NIC installed on the same PC? In this case, how do I assign NIC priority correctly?

I noticed that Wireshark uses WinPcap 4.1.3, based on the NDIS 5.x driver model, even though Win10Pcap exists, which is based on the NDIS 6.x driver model and is compatible with Wireshark. Could it affect ICMP Redirects? What version would you recommend for a Win10 64-bit PC, and why?

The way port monitoring works on most switches, it is not possible to use the PC's NIC connected to a monitoring port to connect the PC to the network, at least because the ingress direction of a monitoring port is disabled. Therefore, the port cannot forward even the NIC's ARP responses to their destinations. If your PC can browse the web while connected to a monitoring port of a switch and there is no other wired or wireless NIC active, either the implementation of monitoring on that switch is really unusual or the configuration is wrong.
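To see which host is emitting the ICMP Redirect (type 5) packets described in this thread and which gateway they advertise, the raw IPv4 packets from a capture can be tallied by sender. This is an added example, not part of the original thread; the function names and all addresses in the sample packets are constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

ICMP_PROTO, ICMP_REDIRECT = 1, 5

def ip4(text):
    return ipaddress.IPv4Address(text).packed

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header for sample data (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, ip4(src), ip4(dst))

def parse_redirect(packet):
    """Return the fields of an ICMP Redirect in a raw IPv4 packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != ICMP_PROTO:
        return None
    ihl = (packet[0] & 0x0F) * 4
    icmp = packet[ihl:]
    # 8-byte ICMP header plus the embedded IPv4 header of the original datagram
    if ihl < 20 or len(icmp) < 8 + 20 or icmp[0] != ICMP_REDIRECT:
        return None
    addr = lambda raw: str(ipaddress.IPv4Address(raw))
    return {
        "sender": addr(packet[12:16]),    # host that emitted the redirect
        "notified": addr(packet[16:20]),  # host told to change its route
        "code": icmp[1],                  # 0-3 as defined in RFC 792
        "gateway": addr(icmp[4:8]),       # next hop the redirect advertises
        "orig_dst": addr(icmp[24:28]),    # destination of the original datagram
    }

def redirect_senders(packets):
    """Count redirects per (sender, advertised gateway) pair."""
    hits = filter(None, map(parse_redirect, packets))
    return Counter((h["sender"], h["gateway"]) for h in hits)

def sample_packets():
    """Constructed packets: two redirects and one echo request."""
    inner = ipv4_header("192.168.1.20", "203.0.113.10", 17, 8) + bytes(8)
    icmp = struct.pack("!BBH4s", ICMP_REDIRECT, 1, 0, ip4("192.168.1.1")) + inner
    redirect = ipv4_header("192.168.1.50", "192.168.1.20", ICMP_PROTO, len(icmp)) + icmp
    echo = ipv4_header("192.168.1.20", "192.168.1.1", ICMP_PROTO, 8) + struct.pack("!BBHHH", 8, 0, 0, 1, 1)
    return [redirect, redirect, echo]

if __name__ == "__main__":
    for pair, count in redirect_senders(sample_packets()).items():
        print(pair, count)
```

If the sender address in the tally is the capture PC's own address, the redirects originate from its IP stack rather than from the router.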
