
SPAN and ICMP problems

dvalenciano
Level 1

Hi, I have a problem with SPAN. It doesn't send ICMP packets to my sniffer. For example: R1 - SW1 - R2. I can ping between R1 and R2, but I can't see these ICMP packets in Wireshark through the monitor session destination port. If I replace the routers with PCs, I can see all ICMP packets. Why do I have a problem only with ICMP packets generated by routers?

21 Replies

Roman Rodichev
Level 7

Can you post your SW1 configuration?

interface FastEthernet0/1

switchport access vlan 1

interface FastEthernet0/2

switchport access vlan 1

monitor session 1 source interface Fa0/1 , Fa0/2

monitor session 1 destination interface Fa0/24 encapsulation replicate

Post configuration of fas0/24

Also "show interface fas0/24"

and remove "encapsulation replicate" parameter

I removed the encapsulation replicate parameter, but the sniffer doesn't detect ICMP packets generated on the routers.

SW1#sh interfaces fastEthernet 0/24

FastEthernet0/24 is up, line protocol is down (monitoring)

  Hardware is Fast Ethernet, address is 001c.57bc.d19a (bia 001c.57bc.d19a)

  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ARPA, loopback not set

  Keepalive set (10 sec)

  Full-duplex, 100Mb/s, media type is 10/100BaseTX

  input flow-control is off, output flow-control is unsupported

  ARP type: ARPA, ARP Timeout 04:00:00

  Last input never, output 05:54:18, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

  Queueing strategy: fifo

  Output queue: 0/40 (size/max)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 1000 bits/sec, 2 packets/sec

     37 packets input, 6409 bytes, 0 no buffer

     Received 37 broadcasts (6 multicasts)

     0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

     0 watchdog, 6 multicast, 0 pause input

     0 input packets with dribble condition detected

     32601 packets output, 2722061 bytes, 0 underruns

     0 output errors, 0 collisions, 1 interface resets

     0 babbles, 0 late collision, 0 deferred

     0 lost carrier, 0 no carrier, 0 PAUSE output

     0 output buffer failures, 0 output buffers swapped out

Are you saying it doesn't see only ICMP and sees everything else?

What kind of sniffer are you using? Did you try a PC with Wireshark running?

Yes, I see, for example, ARP packets but don't see ICMP. If I connect 2 PCs and ping, I can see ARP and ICMP. I think the problem is the ICMP type of the routers. I'm using Wireshark.

IOS uses the standard ICMP echo and echo reply for the pings.

Can you post router configs?

R1#sh run

Building configuration...

Current configuration : 1096 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R1

!

boot-start-marker

boot-end-marker

!

logging message-counter syslog

!

no aaa new-model

dot11 syslog

ip source-route

!

!

!

!

ip cef

no ipv6 cef

!

multilink bundle-name authenticated

!

!

!

!

!

archive

log config

  hidekeys

!

!

!

!

!

!

!

!

interface FastEthernet0/0

ip address 10.0.0.1 255.0.0.0

duplex auto

speed auto

!

interface FastEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

interface FastEthernet0/1/0

!

interface FastEthernet0/1/1

!

interface FastEthernet0/1/2

!

interface FastEthernet0/1/3

!

interface Serial0/0/0

no ip address

shutdown

no fair-queue

clock rate 2000000

!

interface Serial0/0/1

no ip address

shutdown

clock rate 2000000

!

interface Vlan1

no ip address

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

no ip http server

no ip http secure-server

!

!

!

!

!

!

!

!

!

control-plane

!

!

!

line con 0

exec-timeout 0 0

line aux 0

line vty 0 4

login

!

scheduler allocate 20000 1000

end

R2#sh run

Building configuration...

Current configuration : 1086 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R2

!

boot-start-marker

boot-end-marker

!

logging message-counter syslog

!

no aaa new-model

dot11 syslog

ip source-route

!

!

!

!

ip cef

no ipv6 cef

!

multilink bundle-name authenticated

!

!

!

!

!

archive

log config

  hidekeys

!

!

!

!

!

!

!

!

interface FastEthernet0/0

ip address 10.0.0.2 255.0.0.0

duplex auto

speed auto

!

interface FastEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

interface FastEthernet0/1/0

!

interface FastEthernet0/1/1

!

interface FastEthernet0/1/2

!

interface FastEthernet0/1/3

!

interface Serial0/0/0

no ip address

shutdown

no fair-queue

clock rate 2000000

!

interface Serial0/0/1

no ip address

shutdown

clock rate 2000000

!

interface Vlan1

no ip address

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

no ip http server

no ip http secure-server

!

!

!

!

!

!

!

!

!

control-plane

!

!

!

line con 0

exec-timeout 0 0

line aux 0

line vty 0 4

login

!

scheduler allocate 20000 1000

end

I've tested the same on other switches and routers and I had the same problem. It's illogical and strange.

Post full config of the switch?

What model and IOS version running on the switch?

I've two models:

3560

3560g

and IOS c3560-advipservicesk9-mz.122-46.SE.bin

SW1#sh running-config

Building configuration...

Current configuration : 1559 bytes

!

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname SW1

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

system mtu routing 1500

ip subnet-zero

!

!

!

!

!

!

!

!

!

!

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

!

!

!

interface FastEthernet0/1

switchport access vlan 1

!

interface FastEthernet0/2

switchport access vlan 1

!

interface FastEthernet0/3

!

interface FastEthernet0/4

!

interface FastEthernet0/5

!

interface FastEthernet0/6

!

interface FastEthernet0/7

!

interface FastEthernet0/8

!

interface FastEthernet0/9

!

interface FastEthernet0/10

!

interface FastEthernet0/11

!

interface FastEthernet0/12

!

interface FastEthernet0/13

!

interface FastEthernet0/14

!

interface FastEthernet0/15

!

interface FastEthernet0/16

!

interface FastEthernet0/17

!

interface FastEthernet0/18

!

interface FastEthernet0/19

!

interface FastEthernet0/20

!

interface FastEthernet0/21

!

interface FastEthernet0/22

!

interface FastEthernet0/23

!

interface FastEthernet0/24

!

interface GigabitEthernet0/1

!

interface GigabitEthernet0/2

!

interface Vlan1

no ip address

!

ip classless

ip http server

ip http secure-server

!

!

!

control-plane

!

!

line con 0

line vty 5 15

!

!

monitor session 1 source interface Fa0/1 , Fa0/2

monitor session 1 destination interface Fa0/24

end

Are you sure you have the setting in wireshark "capture packets in promiscuous mode"?

ooo yes!!

Post ipconfig /all from your Wireshark PC?

I can see CDP, VTP, PAgP, DTP, ARP, STP, but ICMP from one access port to another access port is impossible!!!! I don't have any problem with the Wireshark PC because the same system detects all packets, including ICMP, when I replace the routers with PCs.