PRTG Sniffing dot1q encapsulation

MonkerzMonkerz Member Posts: 842
Hello all,

I purchased PRTG a year or so ago and have encountered my very first problem with it. For some reason I cannot get my packet sniffer sensors to channelize dot1q encapsulated traffic. It recognizes the traffic and classifies it as OTHER, yet I do not have a definition configured as other. Has anyone come across this before? This is the only site I am having problems with and I think it has to do with dot1q, because all other sites I was able span the WAN port. Unfortunately, I did not have an extra port to utilize on the router and had to resort to spanning the distro switch's uplink. Router is a Cisco 3725 and distro switch is an Adtran 1224.

I am waiting for Paessler to respond to my support ticket, but thought I would ask on here. I have attached screenshots of working probes (DCO and MDT) and the non working probe (ALP).

These are my sniffer's definitions:
(IP[] and (SourcePort[3128] or DestinationPort[3128])) OR (IP[] and (SourcePort[80] or DestinationPort[80])) 

(IP[] or IP[] or IP[] or IP[] or IP[])

(Protocol[TCP] and (DestinationPort[20-21] OR SourcePort[20-21]))

(Protocol[TCP] and (SourcePort[445] or DestinationPort[445] or SourcePort[137-139] or DestinationPort[137-139]))

#3006:Remote Control
(Protocol[TCP] and (SourcePort[3389] or DestinationPort[3389] or SourcePort[22] or DestinationPort[22] OR SourcePort[23] or DestinationPort[23] or SourcePort[5800] or DestinationPort[5800] or SourcePort[5900] or DestinationPort[5900]))

(Protocol[TCP] and (SourcePort[5004] or DestinationPort[5004] or SourcePort[2427] or DestinationPort[2427] or SourcePort[2727] or DestinationPort[2727] or SourcePort[2440] or DestinationPort[2440] or SourcePort[5441] or DestinationPort[5441] or SourcePort[5442] or DestinationPort[5442] or SourcePort[5443] or DestinationPort[5443] or SourcePort[5444] or DestinationPort[5444] or SourcePort[5445] or DestinationPort[5445] or SourcePort[5446] or DestinationPort[5446] or SourcePort[1720] or DestinationPort[1720]))

(Protocol[UDP] and ((SourcePort[68] and DestinationPort[67]) or (SourcePort[67] and DestinationPort[68]) )) OR ((Protocol[TCP] or Protocol[UDP]) and (SourcePort[53] or DestinationPort[53])) OR (Protocol[TCP] and (SourcePort[113] or DestinationPort[113])) OR (Protocol[ICMP]) OR (Protocol[TCP] and (SourcePort[161-162] or DestinationPort[161-162]))

(IP[] or IP[] or IP[] or IP[])


#3014:SQL Traffic
(Protocol[TCP] or Protocol[UDP] and (SourcePort[118] or DestinationPort[118])) OR (Protocol[UDP] and (SourcePort[156] or DestinationPort[156])) OR (Protocol[TCP] and (SourcePort[1433] or DestinationPort[1433])) OR (Protocol[TCP] or Protocol[UDP] and (SourcePort[1434] or DestinationPort[1434])) OR (Protocol[TCP] or Protocol[UDP] and (SourcePort[3306] or DestinationPort[3306]))


(Protocol[TCP] or Protocol[UDP] and (SourcePort[5247] or DestinationPort[5247]))

(Protocol[UDP]) OR (Protocol[TCP])


Sign In or Register to comment.