Hi all

Hope someone has come across this before and can help me before I tear my hair out!

I have Wireshark set up on a Sony Vaio PCG-4N1M which has a Marvell Yukon 88E8055 NIC and am trying to packet sniff by linking it to a mirror output port on a HP 5400 series switch.

I know Wireshark is installed correctly as I can see the packet count incrementing on the wireless NIC when I view 'Capture Interfaces'.

However, when I link the Vaio to the mirror port through the wired NIC and a length of ethernet cable I get a zero packet count.

Below are the instructions I followed. I'm hoping I've made a daft mistake!

INSTRUCTIONS I FOLLOWED

The port I am monitoring is untagged on a VLAN called 'Inward'. I ensured the spare port I would be using as the mirror output port matched this configuration.

I then set up a mirror port on the 5400 series switch as follows:

###################################

mirror-port <port>

where <port> is the port you want to use for the output.

To select the ports you want to monitor, use the command

interface ethernet < monitor-list > monitor

where: < monitor-list > includes port numbers and static trunk names such as a4, c7, b5-b8, and trk1.

###################################

Using the 'show monitor' command I checked the mirror port configuration is set up as it should be.

I then connect my monitoring PC (which is a Sony Vaio PCG-4N1M) to the mirror output port using a length of ethernet cable.

This laptop has a Marvell Yukon 88E8055 NIC so I have made sure I have changed the registry as per the instructions on the Wireshark website. These are as follows:

###################################

You should add the DWORD SkDisableVlanStrip with value of 1 and the DWORD *PriorityVLANTag (including the star) with value of 0 under the registry key: "HKLM\SYSTEM\CurrentControlSet\Control\Class{4D36E 972-E325-11CE-BFC1-08002bE10318}\000" , where 000 is the number of the folder for the Marvel ethernet controller.

###################################

Finally I have unticked all the settings under the connection properties for the NIC to ensure Wireshark is only capturing traffic from the mirror output port.