I have a HP Procurve switch configured with port mirroring so that if I plug a PC with wireshark into the monitor port, I can see all the traffic. My issue is that it is on a seperate network to the main company network, and I would like to monitor it with our PRTG installation. The server has a spare network port so that is not a problem - I just need to know how to configure Windows networking so that it is isolated from the main network, and doesn't route any traffic through that port for security reasons, or if possible, configure it as a monitoring port only (i.e. receive traffic but not send).
I tried disabling IPv4, Client for microsoft networks on the adapter, and just leaving the Microsoft network monitor driver ticked, but then this stops it receiving any traffic.
Article Comments
If you connect monitoring port to your PC/SRV NIC you don't need IP settings on interface. So its not going to be routable to your other network.
Dec, 2016 - Permalink
Dmitri is right, let us say you have two interfaces, I always rename them to LAN and SNIFFER.
The LAN interface needs an IP address as normal, and needs to be connected to the LAN.
The SNIFFER interface does not need IP (you can uncheck IPv4/IPv6 on properties, in Windows).
Plug in the SNIFFER interface to your switch's monitoring / mirror / SPAN port, and you are good to go.
On some switches you can configure the SPAN port to be "read only"
Install a PRTG PROBE on this sniffing machine, and it can do lots of nice things.
Personally, I run Tshark (wireshark command line) 24x7 dumping out all voip calls, then use a powershell script to grab details and failures from them.
Dec, 2016 - Permalink
I'm afraid we cannot really provide support for Windows network configurations, particularly as the information processed can vary from system to system, sorry.
What we would recommend, in this instance, is to a use a remote probe installed in the network of the switch you want to monitor - this way you could discern the traffic as is, for this particular network only.
Dec, 2013 - Permalink