Here is my configuration:
I keep getting alerts from my IPMI that something fails to authenticate, so somewhere in my network I have a service that attempts to log in to the IPMI. I'd like to pinpoint what it is. When I run tcpdump on a machine that is in the MAIN (100) VLAN, I don't even see any traffic, maybe because it's connected via WiFi (on another MikroTik). So I want to sniff the traffic in the closest possible place: the switch to which the IPMI is connected.
However, the sniffer tool does not detect anything.
The IPMI is connected directly to the new-zoltan-ipmi-main interface and has 10.0.0.13 assigned to it.
The machines I'm pinging from are connected to VLAN 100, which comes to the switch within the ether1-uplink-trunk. I also tried pinging from the machine connected to the old-zoltan-main.
I tried setting up the sniffer tool like in the configuration above, as well as without the vlan=100 filter, or with an interface filter for vlan-main-100.
In the background I have `ping 10.0.0.13` running from another host.
The sniffer tool shows no packets at all. When I run it without filters I see a lot of packets with :: as destination and source, not a single IPv4 in sight. What am I missing?
Code:
```
# 2025-01-15 10:52:35 by RouterOS 7.16.1
# software id = J2X6-JWJN
#
# model = CRS310-8G+2S+
# serial number = HG209J5HAJM
/interface bridge
add admin-mac=D4:01:C3:0D:10:2C auto-mac=no name=BR1 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] name=ether1-uplink-trunk
set [ find default-name=ether2 ] name=ether2-piwniczak-trunk
set [ find default-name=ether3 ] name=ether3-new-zoltan-hybrid
set [ find default-name=ether4 ] name=ether4-new-zoltan-main
set [ find default-name=ether5 ] name=ether5-new-zoltan-ipmi-main
set [ find default-name=ether6 ] name=ether6-old-zoltan-main
set [ find default-name=ether7 ] name=ether7-old-zoltan-ilo-main
set [ find default-name=ether8 ] name=ether8-ups-main
set [ find default-name=sfp-sfpplus1 ] name=sfp-sfpplus1-old-zoltan-main
set [ find default-name=sfp-sfpplus2 ] name=sfp-sfpplus2-main
/interface vlan
add interface=BR1 name=vlan-main-100 vlan-id=100
/interface list
add name=MAIN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=BR1 interface=ether3-new-zoltan-hybrid pvid=100
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=ether4-new-zoltan-main pvid=100
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=ether5-new-zoltan-ipmi-main pvid=100
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=ether6-old-zoltan-main pvid=100
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=ether7-old-zoltan-ilo-main pvid=100
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=ether8-ups-main pvid=100
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus1-old-zoltan-main pvid=100
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus2-main pvid=100
add bridge=BR1 frame-types=admit-only-vlan-tagged interface=ether1-uplink-trunk
add bridge=BR1 frame-types=admit-only-vlan-tagged interface=ether2-piwniczak-trunk
/ip neighbor discovery-settings
set discover-interface-list=MAIN
/ip settings
set ip-forward=no
/interface bridge vlan
add bridge=BR1 tagged=BR1,ether1-uplink-trunk,ether2-piwniczak-trunk vlan-ids=100
add bridge=BR1 tagged=ether1-uplink-trunk,ether2-piwniczak-trunk,ether3-new-zoltan-hybrid vlan-ids=101
add bridge=BR1 tagged=ether1-uplink-trunk,ether2-piwniczak-trunk,ether3-new-zoltan-hybrid vlan-ids=102
add bridge=BR1 tagged=ether1-uplink-trunk,ether2-piwniczak-trunk,ether3-new-zoltan-hybrid vlan-ids=103
/interface list member
add interface=vlan-main-100 list=MAIN
/ip address
add address=10.0.0.11/24 interface=vlan-main-100 network=10.0.0.0
/ip dns
set servers=10.0.0.1
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip route
add distance=1 gateway=10.0.0.1
/ip service
set telnet disabled=yes
set ftp address=10.0.0.0/16 disabled=yes
set www address=10.0.0.0/16
set ssh address=10.0.0.0/16
set www-ssl address=10.0.0.0/16 certificate=mydomain.net_cert disabled=no
set api address=10.0.0.0/16 disabled=yes
set api-ssl address=10.0.0.0/16 certificate=mydomain.net_cert
/system clock
set time-zone-name=Europe/Warsaw
/system identity
set name=piwnica-switch
/system ntp client
set enabled=yes
/system ntp client servers
add address=europe.pool.ntp.org
/tool mac-server
set allowed-interface-list=MAIN
/tool mac-server mac-winbox
set allowed-interface-list=MAIN
/tool sniffer
set file-limit=10000KiB file-name=for_wireshark filter-dst-ip-address=10.0.0.13/32 filter-operator-between-entries=and filter-stream=yes filter-vlan=100 streaming-server=10.0.0.101
```
Statistics: Posted by shalak — Wed Jan 15, 2025 12:28 pm
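
An added example, not part of the original post and not MikroTik code: the sniffer configuration above streams matched packets to `streaming-server=10.0.0.101`, and RouterOS sends that stream as TZSP over UDP (port 37008). The Python below strips the TZSP header from each datagram, decodes Ethernet, an optional 802.1Q tag and IPv4, and tallies which source IP and MAC send to 10.0.0.13 and on which port. The function names, the sample datagram, its MAC addresses and the sender 10.0.0.50 are constructed for illustration.

```python
import struct
from collections import Counter

def strip_tzsp(dgram: bytes) -> bytes:
    """Return the Ethernet frame carried in one TZSP datagram, or b''."""
    if len(dgram) < 4 or dgram[0] != 1 or dgram[2:4] != b"\x00\x01":
        return b""                      # not TZSP v1 carrying Ethernet
    i = 4
    while i < len(dgram):
        tag = dgram[i]
        if tag == 1:                    # TAG_END: the frame follows
            return dgram[i + 1:]
        # padding (0) is a single byte; other tags are tag, length, value
        i += 1 if tag == 0 or i + 1 >= len(dgram) else 2 + dgram[i + 1]
    return b""

def parse_frame(frame: bytes):
    """Return (src_mac, vlan, src_ip, dst_ip, proto, dst_port) for IPv4, else None."""
    if len(frame) < 14:
        return None
    src_mac = frame[6:12].hex(":")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    off, vlan = 14, None
    if ethertype == 0x8100 and len(frame) >= 18:      # 802.1Q tag present
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, off = tci & 0x0FFF, 18
    if ethertype != 0x0800 or len(frame) < off + 20:  # IPv4 only
        return None
    l4 = off + (frame[off] & 0x0F) * 4                # start of TCP/UDP header
    proto = frame[off + 9]
    src_ip = ".".join(map(str, frame[off + 12:off + 16]))
    dst_ip = ".".join(map(str, frame[off + 16:off + 20]))
    dport = None
    if proto in (6, 17) and len(frame) >= l4 + 4:     # TCP or UDP
        (dport,) = struct.unpack("!H", frame[l4 + 2:l4 + 4])
    return src_mac, vlan, src_ip, dst_ip, proto, dport

def tally_talkers(dgrams, target="10.0.0.13"):  # IPMI address from the post
    hits = Counter()                    # key: (src_ip, src_mac, proto, dst_port)
    for rec in map(parse_frame, map(strip_tzsp, dgrams)):
        if rec and rec[3] == target:
            hits[(rec[2], rec[0], rec[4], rec[5])] += 1
    return hits

def sample_datagram():  # constructed: 10.0.0.50 -> 10.0.0.13, UDP/623, VLAN 100
    eth = bytes.fromhex("020000000013" "020000000050" "8100" "0064" "0800")
    ip = bytes.fromhex("4500001c" "00000000" "4011" "0000" "0a000032" "0a00000d")
    return b"\x01\x00\x00\x01\x01" + eth + ip + struct.pack("!HHHH", 40000, 623, 8, 0)
```

On the streaming target, feed `tally_talkers` the payloads received on a UDP socket bound to port 37008; the most frequent keys are the hosts contacting the IPMI.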