Hey there - I have a Cisco 7206 running IOS 12.1, and I'm wondering if there's a way to forward copies of all packets that pass thru the router (or at least, through a specific interface) to another ethernet interface on the router for use in network monitoring; I've got a network analysis box that needs to see all the traffic in order to analyze it.
I've ready online that it looks like I can do this, but I haven't been able to figure out the concepts and the commands needed to do it. Can anyone point me in the right direction?
The obvious solution would be to span the switch port the router interface you want to monitor is connected to.
Forward us (the internet community) a few of the links that you think talks about what you want to do - This may help us better identify your solution.
Well, here it is - from the Etherape documentation: (bashful)
]Why I see only the traffic to/from the EtherApe machine ? ] ]Probably you have a switched network. Unless all traffic goes thru the etherape machine (or you have an hub), etherape sees local traffic. ]Etherape can "see" only the traffic physically passing on the netcard wire. Many small network use hubs to connect computers, so every packet is ]ysically transmitted to every netcard. ]A larger network use combinations of switches and routers, sometimes even firewalls to connect nodes, so your network card receives only its own traffic or ]broadcast. ]To monitor an entire network you can enable analisys/roving mode on your switch (essentially copies all traffic to a single port). If you have multiple switches, ]or routers, or the total bandwith exceeds the port maximum, you still will see only part of the traffic. ]If you only want to monitor internet traffic, a better solution is to place etherape on the (internal) internet gateway.
Essentially, yes - all the equipment I want to monitor is on a switch. If I can copy all IP traffic going through my WAN port to a spare ethernet port on my router (note the idea is to copy it so as not to disrupt the traffic). Essentially bridge the traffic from the WAN port to the spare ethernet nic.
Assuming you only have one ethernet interface on the router hat the traffic flows through, this would be very simple. Span the switch port the router is connected to - to the switch port that your Unix machine that's running EtherApe is on.
It's very easy for a switch to do this, and is more advisable than bridging one interface to another "spare" interface on the router.
The commands you use to span the switch port varies based on the version of code as well as the model of the switch. - so you'll have to do some research.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.