Sniffer port in 3550 switches
Bookmark this page:
 Yahoo!
 Google
 Windows Live
 del.icio.us
 digg
 Netscape
|
|
|||||||||||||
|
Posted by on June 11, 2008, 11:00 am
Please log in for more thread options I want to set up a port to monitor ALL the traffic on my network. My goal is to be able to sniff traffic between any two hosts, regardless of which switch they are connected to. I also need to sniff traffic between my hosts and internet hosts. The network consists of 14 cisco 3550 switches and a handfull of unmanaged switches connected via crossover cables to various switches. These switches are interconnected in a variety of ways, fiber on Gi0/1-2, crossover cables, etc. Everything (as far as I know) is in VLAN1. I have configured my sniffer (Wireshark) port as follows: ! interface FastEthernet0/24 description monitor-port-vlan1 port monitor VLAN1 ! Will this do what I need it to do? Could it possibly be this easy? TIA JM | |||||||||||||
|
Posted by alexd on June 11, 2008, 2:03 pm
Please log in for more thread options > interface FastEthernet0/24
> description monitor-port-vlan1 > port monitor VLAN1 > ! > > Will this do what I need it to do? Could it possibly be this easy? No. You will to tell the other 13 switches to monitor VLAN1 also, eg: monitor session 1 source vlan 1 rx monitor session 1 destination remote vlan 10 And then port monitor VLAN10 instead [not going to work on the unmanaged switch]. However, I would caution that you could end up overwhelming your network with traffic. What exactly are you trying to achieve? If it's just statistics you're after, how about SNMP or Netflow? If you want every frame, you'd be best served by being a bit more specific. If you /do/ decide to monitor all those ports, make sure you've got a big hard drive on your Wireshark monitoring station ;-) -- <http://ale.cx/> (AIM:troffasky) (UnSoEsNpEaTm@ale.cx)
18:52:18 up 3 days, 7:59, 1 user, load average: 0.01, 0.01, 0.00
Convergence, n: The act of using separate DSL circuits for voice and data | |||||||||||||
|
Posted by on June 11, 2008, 4:21 pm
Please log in for more thread options
>On Wed, 11 Jun 2008 15:00:34 +0000, jmoseby_ wrote:
> >> I want to set up a port to monitor ALL the traffic on my network. My
>> goal is to be able to sniff traffic between any two hosts, regardless of >> which switch they are connected to. >
>> interface FastEthernet0/24
>> description monitor-port-vlan1 >> port monitor VLAN1 >> ! >> >> Will this do what I need it to do? Could it possibly be this easy? >
>No. You will to tell the other 13 switches to monitor VLAN1 also, eg: > >monitor session 1 source vlan 1 rx >monitor session 1 destination remote vlan 10 > >And then port monitor VLAN10 instead [not going to work on the unmanaged >switch]. However, I would caution that you could end up overwhelming your >network with traffic. What exactly are you trying to achieve? I don't want to cause undue stress on the network, I would just like to have the flexibility to monitor hosts on my network without having to configure it every time. So instead, say I want to monitor a specific host. How would I go about setting up monitoring in this scenario: [Wireshark]--Fa0/24--[SWITCH1]--Gi0/1--[SWITCH2]--Fa0/12-[TARGETHOST] Thanks! JM | |||||||||||||
| Similar Threads | Posted |
| Sniffer port in 3550 switches | June 11, 2008, 11:00 am |
| Pruning on 3500 and 3550 series switches | November 1, 2005, 1:56 pm |
| connecting two 3550 switches with VLAN IP routing | November 7, 2006, 9:09 am |
| Confused - VLANs, 3550 and 2950 switches | November 10, 2006, 10:54 am |
| Cisco Catalyst 3550 causes "Excessive jabbering" on HP switches | September 20, 2005, 1:44 am |
| cisco 3550 24 port SMI | April 26, 2006, 1:35 am |
| Sniffer? | June 16, 2007, 11:35 pm |
| trunking / port channel 4108gl and Cisco 3550 | August 21, 2006, 5:25 am |
| PIX: PSK, sniffer and hash | October 5, 2005, 8:11 am |
| freeware sniffer for windows? | September 14, 2006, 12:56 am |
| Interlinking switches / port speeds | July 12, 2007, 12:09 pm |
| Change Telnet Port Access to Router & Switches | August 10, 2005, 8:39 pm |
| 3550 ACL Help | January 13, 2006, 4:56 pm |
| 3550 RAM | June 3, 2006, 4:19 pm |
| Problems with 7206 vxr trying to VLAN a Gig port to an HP 4000M Gig port over fiber | September 9, 2007, 2:38 pm |
> goal is to be able to sniff traffic between any two hosts, regardless of
> which switch they are connected to.