How to enable Port Mirror on Sonicwall Switch.

Port mirroring is a powerful troubleshooting tool, ideal for detecting and analyzing the traffic passing through a specific port.

Port Mirroring allows the sending of a copy of network packets seen on one or more switch ports to another switch port called the mirror port. Monitor traffic passing through the mirrored ports by connecting to the mirror destination port and utilising a packet capture tool, like Wireshark.

Lab Environment

Sonicwall Firewall TZ570

Sonicwall Switch SW12-POE – managed on box and running on the  latest version

AP- Sonicwave 231C Wireless Access Point

Laptop + Wireshark (Capturing my Ethernet link )

In this lab we will be monitoring the port for the Wireless Access Point. We are looking for the DHCP negotiation and ICMP traffic from firewall to AP.

How to enable Port Mirroring

Switch | Switching | Port Mirror

Edit session ID 1

Session State: Enable

Destination Port: 1 (where the laptop will be connected to capture mirrored packets)

Source TX and RX port : 6 (where Sonicwave Wireless AP was connected)

Ingress State: Enable

Results:

• Sonicwave getting the DHCP-IP from firewall.

From Laptop and Wireshark:

From Firewall (Pcap capturing UPD traffic and destination port 67,68):

• Ping from FW to Sonicwave.

From Laptop and Wireshark: