PRTG Sniffing dot1q encapsulation

Monkerz Member Posts: 842
Hello all,

I purchased PRTG a year or so ago and have encountered my very first problem with it. For some reason I cannot get my packet sniffer sensors to channelize dot1q encapsulated traffic. It recognizes the traffic and classifies it as OTHER, yet I do not have a definition configured as other. Has anyone come across this before? This is the only site I am having problems with and I think it has to do with dot1q, because at all other sites I was able to span the WAN port. Unfortunately, I did not have an extra port to utilize on the router and had to resort to spanning the distro switch's uplink. Router is a Cisco 3725 and distro switch is an Adtran 1224.

I am waiting for Paessler to respond to my support ticket, but thought I would ask on here. I have attached screenshots of working probes (DCO and MDT) and the non-working probe (ALP).

These are my sniffer's definitions:
#3001:Web
(IP[10.120.1.65] and (SourcePort[3128] or DestinationPort[3128])) OR (IP[198.22.180.61] and (SourcePort[80] or DestinationPort[80])) 

#3002:Mail
(IP[10.120.1.211-214] or IP[10.120.1.218-219] or IP[10.120.1.192-194] or IP[10.120.1.199] or IP[10.120.1.34-35])

#3004:FTP/P2P
(Protocol[TCP] and (DestinationPort[20-21] OR SourcePort[20-21]))

#3005:NetBIOS/SMB
(Protocol[TCP] and (SourcePort[445] or DestinationPort[445] or SourcePort[137-139] or DestinationPort[137-139]))

#3006:Remote Control
(Protocol[TCP] and (SourcePort[3389] or DestinationPort[3389] or SourcePort[22] or DestinationPort[22] OR SourcePort[23] or DestinationPort[23] or SourcePort[5800] or DestinationPort[5800] or SourcePort[5900] or DestinationPort[5900]))

#3007:Voice
(Protocol[TCP] and (SourcePort[5004] or DestinationPort[5004] or SourcePort[2427] or DestinationPort[2427] or SourcePort[2727] or DestinationPort[2727] or SourcePort[2440] or DestinationPort[2440] or SourcePort[5441] or DestinationPort[5441] or SourcePort[5442] or DestinationPort[5442] or SourcePort[5443] or DestinationPort[5443] or SourcePort[5444] or DestinationPort[5444] or SourcePort[5445] or DestinationPort[5445] or SourcePort[5446] or DestinationPort[5446] or SourcePort[1720] or DestinationPort[1720]))

#3009:Infrastructure
(Protocol[UDP] and ((SourcePort[68] and DestinationPort[67]) or (SourcePort[67] and DestinationPort[68]) )) OR ((Protocol[TCP] or Protocol[UDP]) and (SourcePort[53] or DestinationPort[53])) OR (Protocol[TCP] and (SourcePort[113] or DestinationPort[113])) OR (Protocol[ICMP]) OR (Protocol[TCP] and (SourcePort[161-162] or DestinationPort[161-162]))

#3011:TrendMicro
(IP[10.120.1.120] or IP[10.120.1.227] or IP[10.120.1.90] or IP[10.0.80.207])

#3013:Stromberg
(IP[10.120.1.234-235])

#3014:SQL Traffic
(Protocol[TCP] or Protocol[UDP] and (SourcePort[118] or DestinationPort[118])) OR (Protocol[UDP] and (SourcePort[156] or DestinationPort[156])) OR (Protocol[TCP] and (SourcePort[1433] or DestinationPort[1433])) OR (Protocol[TCP] or Protocol[UDP] and (SourcePort[1434] or DestinationPort[1434])) OR (Protocol[TCP] or Protocol[UDP] and (SourcePort[3306] or DestinationPort[3306]))

#3015:SCCM
(IP[10.120.1.129])

#3016:Wireless
(Protocol[TCP] or Protocol[UDP] and (SourcePort[5247] or DestinationPort[5247]))

#4000:Various
(Protocol[UDP]) OR (Protocol[TCP])
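
Added example, not part of the original post and not PRTG's code: a minimal Python classifier showing how an 802.1Q tag (TPID 0x8100) moves the IPv4 header 4 bytes deeper, so a parser that expects EtherType 0x0800 at offset 12 cannot read the IP and port fields and the frame falls through to "Other". Whether PRTG's sniffer behaves this way is an assumption; the frames, the `CHANNELS` subset and the function names are constructed for illustration.

```python
import struct

ETH_IPV4, ETH_DOT1Q = 0x0800, 0x8100
# Subset of the post's channel definitions (TCP ports only), for illustration.
CHANNELS = {3389: "Remote Control", 22: "Remote Control",
            445: "NetBIOS/SMB", 1433: "SQL Traffic"}

def build_frame(src_port, dst_port, vlan_id=None):
    """Constructed sample: Ethernet II + optional 802.1Q tag + IPv4 + TCP."""
    macs = bytes(6) + bytes(6)  # dst MAC, src MAC (zeros, constructed)
    tag = b"" if vlan_id is None else struct.pack("!HH", ETH_DOT1Q, vlan_id & 0x0FFF)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes([10, 120, 1, 10]), bytes([10, 120, 1, 20]))
    tcp = struct.pack("!HH", src_port, dst_port) + bytes(16)
    return macs + tag + struct.pack("!H", ETH_IPV4) + ip + tcp

def classify(frame, vlan_aware):
    """Return (channel, vlan_id); frames that cannot be parsed as IPv4/TCP are 'Other'."""
    offset = 12  # EtherType position in an untagged Ethernet II frame
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    vlan_id = None
    if vlan_aware:
        while ethertype == ETH_DOT1Q:  # skip each 4-byte tag
            (tci,) = struct.unpack_from("!H", frame, offset + 2)
            if vlan_id is None:
                vlan_id = tci & 0x0FFF  # low 12 bits of the TCI are the VLAN ID
            offset += 4
            (ethertype,) = struct.unpack_from("!H", frame, offset)
    if ethertype != ETH_IPV4:
        return "Other", vlan_id  # a naive parser lands here for tagged frames
    ip_start = offset + 2
    ihl = (frame[ip_start] & 0x0F) * 4
    if frame[ip_start + 9] != 6:  # IP protocol field: 6 = TCP
        return "Other", vlan_id
    sport, dport = struct.unpack_from("!HH", frame, ip_start + ihl)
    return CHANNELS.get(sport) or CHANNELS.get(dport) or "Various", vlan_id

if __name__ == "__main__":
    untagged = build_frame(50000, 3389)
    tagged = build_frame(50000, 3389, vlan_id=20)
    print("untagged, naive parser:     ", classify(untagged, vlan_aware=False))
    print("tagged, naive parser:       ", classify(tagged, vlan_aware=False))
    print("tagged, VLAN-aware parser:  ", classify(tagged, vlan_aware=True))
```

A capture taken on a SPAN of a trunk uplink can be checked the same way: if bytes 12-13 of the frames are 0x8100, the mirrored traffic is tagged.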
