Port mirroring is useful when troubleshooting an issue that requires capturing the packets entering or leaving an interface, because it lets you capture data about the packets being transferred.
For example, when troubleshooting a voice problem, a packet capture allows the engineer to see the actual messages being exchanged between client (phone) and server (softswitch).
To obtain this data, you must enable and configure port mirroring, capture the packets, and save the resulting file for analysis. One popular software application for performing packet captures is called Wireshark.
Note: Port mirroring does not interfere with normal protocol operation, and it adds no additional layers of complexity or devices designed to sniff network traffic.
Purpose & Scope
The purpose of this tutorial is to instruct Support and Engineering personnel on how to mirror incoming or outgoing WAN network traffic to a specified LAN port and capture data useful for troubleshooting purposes.
Preparation
The following are required:
- Make sure the appropriate WAN service is built. This tutorial example uses atm0 as the WAN interface. Note: Port mirroring will work with any DSL interface but does not work with an Ethernet WAN interface.
- Determine which LAN interface you wish to send the traffic to, and connect that port to a capture device such as a laptop with a packet capture application installed. This tutorial example uses LAN 4.
- Download the Wireshark application for free, or make sure that a similar packet-capturing application is installed.
Step by Step
- Open a browser and go to: http://192.168.1.1/admin/engdebug.html.
- Click Enable on the WAN interface that is to be mirrored, e.g., atm0.
- Select the destination LAN port where the mirrored traffic will be sent, e.g., LAN 4.
- Click Apply/Save to commit your changes. Next, you will capture the packets.
- Launch the packet capturing application.
- Start the capture. If you are using Wireshark, click Capture > Start. (You may need to select the proper interface on the capture device.)
- Recreate the behavior that you are troubleshooting.
- When you have finished the recreation, click Stop and save the capture for analysis. The example below illustrates the Wireshark application capturing network traffic and filtering results to show only ICMP traffic.
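As an added example (not part of the original tutorial), the Python script below reads a saved capture and lists only its ICMP packets, the same result Wireshark's `icmp` display filter gives. It assumes the capture was saved in classic pcap format with Ethernet framing; the sample capture, addresses, and function names are constructed for illustration.

```python
import struct

def build_sample_pcap():
    """Constructed sample capture: one ICMP echo request and one UDP packet."""
    def frame(proto, payload):
        eth = bytes.fromhex("020000000001" "020000000002" "0800")
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0, bytes([192, 168, 1, 10]), bytes([192, 168, 1, 1]))
        return eth + ip + payload
    frames = [frame(1, bytes.fromhex("0800000000010001")),       # ICMP type 8
              frame(17, struct.pack("!HHHH", 5060, 5060, 8, 0))]  # UDP
    # Classic pcap global header, little-endian, link type 1 (Ethernet)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out

def icmp_packets(pcap_bytes):
    """Return (src, dst, icmp_type) for every IPv4 ICMP packet in the capture."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if len(pcap_bytes) < 24 or struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    hits, off = [], 24
    while off + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "I", pcap_bytes[off + 8:off + 12])[0]
        pkt = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":   # not IPv4 (VLAN tags not handled)
            continue
        ihl = (pkt[14] & 0x0F) * 4                        # IPv4 header length in bytes
        if pkt[23] != 1 or len(pkt) <= 14 + ihl:          # protocol 1 = ICMP
            continue
        src = ".".join(map(str, pkt[26:30]))
        dst = ".".join(map(str, pkt[30:34]))
        hits.append((src, dst, pkt[14 + ihl]))
    return hits

if __name__ == "__main__":
    for src, dst, icmp_type in icmp_packets(build_sample_pcap()):
        print(f"{src} -> {dst} ICMP type {icmp_type}")
```

To use it on a real capture, save the file in pcap format rather than Wireshark's default pcapng and pass the file's bytes to `icmp_packets`.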