What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

Passive network sniffing with HP Procurve

Votes:

0

I have a HP Procurve switch configured with port mirroring so that if I plug a PC with wireshark into the monitor port, I can see all the traffic. My issue is that it is on a seperate network to the main company network, and I would like to monitor it with our PRTG installation. The server has a spare network port so that is not a problem - I just need to know how to configure Windows networking so that it is isolated from the main network, and doesn't route any traffic through that port for security reasons, or if possible, configure it as a monitoring port only (i.e. receive traffic but not send).

I tried disabling IPv4, Client for microsoft networks on the adapter, and just leaving the Microsoft network monitor driver ticked, but then this stops it receiving any traffic.

packet-sniffing port-mirroring procurve

Created on Dec 13, 2013 8:04:39 AM



Best Answer

Accepted Answer

Votes:

7

Dmitri is right, let us say you have two interfaces, I always rename them to LAN and SNIFFER.

The LAN interface needs an IP address as normal, and needs to be connected to the LAN.

The SNIFFER interface does not need IP (you can uncheck IPv4/IPv6 on properties, in Windows).

Plug in the SNIFFER interface to your switch's monitoring / mirror / SPAN port, and you are good to go.

On some switches you can configure the SPAN port to be "read only"

Install a PRTG PROBE on this sniffing machine, and it can do lots of nice things.

Personally, I run Tshark (wireshark command line) 24x7 dumping out all voip calls, then use a powershell script to grab details and failures from them.

Created on Dec 18, 2016 11:57:50 PM



3 Replies

Votes:

0

I'm afraid we cannot really provide support for Windows network configurations, particularly as the information processed can vary from system to system, sorry.

What we would recommend, in this instance, is to a use a remote probe installed in the network of the switch you want to monitor - this way you could discern the traffic as is, for this particular network only.

Created on Dec 16, 2013 1:58:51 PM by  Patrick Hutter [Paessler Support] (7,225) 3 3



Votes:

0

If you connect monitoring port to your PC/SRV NIC you don't need IP settings on interface. So its not going to be routable to your other network.

Created on Dec 14, 2016 7:17:15 PM



Accepted Answer

Votes:

7

Dmitri is right, let us say you have two interfaces, I always rename them to LAN and SNIFFER.

The LAN interface needs an IP address as normal, and needs to be connected to the LAN.

The SNIFFER interface does not need IP (you can uncheck IPv4/IPv6 on properties, in Windows).

Plug in the SNIFFER interface to your switch's monitoring / mirror / SPAN port, and you are good to go.

On some switches you can configure the SPAN port to be "read only"

Install a PRTG PROBE on this sniffing machine, and it can do lots of nice things.

Personally, I run Tshark (wireshark command line) 24x7 dumping out all voip calls, then use a powershell script to grab details and failures from them.

Created on Dec 18, 2016 11:57:50 PM




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.