Sniffer port in 3550 switches

I want to set up a port to monitor ALL the traffic on my network. My goal is to be able to sniff traffic between any two hosts, regardless of which switch they are connected to. I also need to sniff traffic between my hosts and internet hosts.

The network consists of 14 cisco 3550 switches and a handfull of unmanaged switches connected via crossover cables to various switches. These switches are interconnected in a variety of ways, fiber on Gi0/1-2, crossover cables, etc. Everything (as far as I know) is in VLAN1. I have configured my sniffer (Wireshark) port as follows:

! interface FastEthernet0/24 description monitor-port-vlan1 port monitor VLAN1 !

Will this do what I need it to do? Could it possibly be this easy?

TIA

JM

Reply to
jmoseby_
Loading thread data ...

No. You will to tell the other 13 switches to monitor VLAN1 also, eg:

monitor session 1 source vlan 1 rx monitor session 1 destination remote vlan 10

And then port monitor VLAN10 instead [not going to work on the unmanaged switch]. However, I would caution that you could end up overwhelming your network with traffic. What exactly are you trying to achieve? If it's just statistics you're after, how about SNMP or Netflow? If you want every frame, you'd be best served by being a bit more specific. If you /do/ decide to monitor all those ports, make sure you've got a big hard drive on your Wireshark monitoring station ;-)

Reply to
alexd

I don't want to cause undue stress on the network, I would just like to have the flexibility to monitor hosts on my network without having to configure it every time. So instead, say I want to monitor a specific host. How would I go about setting up monitoring in this scenario:

[Wireshark]--Fa0/24--[SWITCH1]--Gi0/1--[SWITCH2]--Fa0/12-[TARGETHOST]

Thanks!

JM

Reply to
jmoseby_

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.