i would like to monitor traffic on my 2950 switch. i have set up port 1 (the downlink from router) to span to 24.
will monitoring port 1 effectively monitor all on the switch, or should i select them individually? i did this in the 2950's GUI.
also, i want to monitor via an ssh session to a linux machine (having 2 nics) one plugged into 24, and the other to a live port (so i can access it remotely via ssh, because span disables the traffic on port
24 (e.g. although i can ping the interface from my workstation, i can't ssh into it). i don't have console access or a monitor on this linux machine.is this doable? both nics are on the same subnet in the linux machine. do i need to do anything to the routing table? i can ping both interfaces from my workstation, but can't ssh - though i can xdmcp into it ... (broadcast?)
and when i tcpdump to one interface, i see just the connection from my workstation to the linux box, when i tcpdump to the spanned interface, i seem to be able to see the traffic on the different ports of the switch, which is my aim.
thanks for insights on being able to ssh into the live connected port, s7