Troubleshooting network traffic with Nebula switch port mirroring

Zyxel_Kay
Zyxel_Kay Posts: 1,110  Zyxel Employee
Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security
edited May 14 in Network Reliability

This guide aims to assist you in troubleshooting and resolving network traffic issues with your Nebula switch by utilizing port mirroring. Port mirroring enables you to monitor and analyze traffic on a specific switch port, making it an essential tool for diagnosing and debugging network-related problems. In this article, we will walk you through the steps to set up port mirroring in the Nebula Control Center and analyze the mirrored traffic using packet-tracing software like Wireshark.

Understanding Port Mirroring

Port mirroring, also known as port monitoring or SPAN (Switched Port Analyzer), is a technique that duplicates network traffic from one switch port and forwards it to another designated port. This allows you to inspect the traffic passing through the mirrored port without disrupting the original network flow. Port mirroring is invaluable for network administrators when pinpointing the source of network issues or monitoring network activity.

Follow these steps to configure port mirroring on your Nebula switch:

  1. Log in to your Nebula Account via https://nebula.zyxel.com
  2. Navigate to Configure -> Switches -> Switch Settings
    sw setting.png
  3. Find Port mirroring and click on Add
    add_port_mirroring.png
  4. Select the Switch and which port(s) you want to have monitored. Also, choose a destination port. Source Port indicates the port where the traffic is coming from initially, while the Destination port indicates the port you will be tracking on.
    | Note: Maximum only 3 source ports are allowed.
    image.png
  5. Save the settings.
  6. Using Wireshark for Traffic Analysis
  7. Select the network adapter your using (WiFi or Ethernet) and filter your packets
    select_network_adapter.png
    1. Filter your traffic you want to capture, for example:
      • multicast and broadcast
      • host 192.168.1.33
      • port 443
    2. Later on you can filter after you've captured the packets as well by using e.g.:
      • ip.addr==192.168.1.1
      • ip.proto 50
      • icmp
        filter.png
  8. Capture the traffic.
  9. Save the file and analyze / Send for analysis

Kay

Untitled Image

Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP! https://bit.ly/2024_Survey_Community

Categories

EnglishTiếng ViệtРусскийไทย中文(台灣)