[Ethereal-users] Strange Ethereal Issue when port spanning/mirroring

["Ken Young" <CiscoKid@xxxxxxxxxxxxxxx>]

If have just rebuild my laptop and re-installed Ethereal v0.99.   Everything
seemed to be fine when I was capturing the network traffic to and from the
laptop, example when capturing a ping (default 4 requests):

 

I would capture the following 8 packets in the flow:

 

1.	Laptop - ICMP Request
2.	Destination - ICMP Reply
3.	Laptop - ICMP Request
4.	Destination - ICMP Reply
5.	Laptop - ICMP Request
6.	Destination - ICMP Reply
7.	Laptop - ICMP Request
8.	Destination - ICMP Reply

 

However when I setup port mirroring and capture a ping from Host A to Host
B...I only capture the source Host traffic ... in this case only the ICMP
Requests.

 

Example:

 

Host A - ICMP Request

Host A - ICMP Request

Host A - ICMP Request

Host A - ICMP Request

 

The replies from Host B are not captured.   I know its not an issue with the
switch or the port mirroring because I can connect another PC with Ethereal
re-run the same test and capture all 8 packets.

 

I have also tried to install version 0.10.14 but also received the same
issue.  I have also played around with different Intel NIC driver versions
but no luck as of yet.

 

Also this is not an issue with only ICMP traffic, if I were to capture a FTP
session I would see the same results - only source traffic.

 

Here are the details of my setup:

 

Dell Latitude - D505

OS - Win XP SP2

NIC - Intel Pro/100 VE

NIC Driver - 8.0.27.0 (1/12/2006)

 

 

Any suggestions I would greatly appreciate it...

 

Thanks In advance

<<attachment: winmail.dat>>