Hi Everyone
I've got a question on port mirroring (a SPAN session) on a 3550. The
situtaion is I have some machines I need to be able to run Ethereal
against but can't due to the ports being switched. So I'm trying to mirror
a port on my 3550 to another port. I'm under the impression this will
allow me to record that traffic coming from the PCs plugged into the
source port via a device plugged into the destination port (where data is
being mirrored, or copied to, from the source port).
What I have attempted to set up is to plug the cat 5 from the machine I
want to trace on into port 15 in the 3550. I then ran this:
conf t
monitor session 1 source interface fas0/15 both
I want to mirror it to port 8, so I then ran this command:
monitor session 1 destination interface fas0/8
Ctrl-Z
To check my work:
noc-sw#show monitor session 1
Session 1
---------
Source Ports:
RX Only: None
TX Only: None
Both: Fa0/15
Source VLANs:
RX Only: None
TX Only: None
Both: None
Destination Ports: Fa0/8
Encapsulation: Native
Filter VLANs: None
So far, so good (I think). But now I'm not sure how to actually do the
monitoring. If I plug my PC (running ethereal) into port 8, it does
nothing. Upon further review I read last night <someplace....I am unable
to ind it this morning> that you can't plug your monitoring PC into the
destination port because all that port is passing is the mirrored traffic.
So, assuming I have done all of this correctly <and I do not know for sure
that I have>, my question is how does one monitor the traffic and record
it with sniffer or ethereal once the port mirroring is in place?
Thanks
Sam
--
Sam Morris, Owner
Loganet Internet Service
Logan IA, United States of America
712-644-3578
I've got a question on port mirroring (a SPAN session) on a 3550. The
situtaion is I have some machines I need to be able to run Ethereal
against but can't due to the ports being switched. So I'm trying to mirror
a port on my 3550 to another port. I'm under the impression this will
allow me to record that traffic coming from the PCs plugged into the
source port via a device plugged into the destination port (where data is
being mirrored, or copied to, from the source port).
What I have attempted to set up is to plug the cat 5 from the machine I
want to trace on into port 15 in the 3550. I then ran this:
conf t
monitor session 1 source interface fas0/15 both
I want to mirror it to port 8, so I then ran this command:
monitor session 1 destination interface fas0/8
Ctrl-Z
To check my work:
noc-sw#show monitor session 1
Session 1
---------
Source Ports:
RX Only: None
TX Only: None
Both: Fa0/15
Source VLANs:
RX Only: None
TX Only: None
Both: None
Destination Ports: Fa0/8
Encapsulation: Native
Filter VLANs: None
So far, so good (I think). But now I'm not sure how to actually do the
monitoring. If I plug my PC (running ethereal) into port 8, it does
nothing. Upon further review I read last night <someplace....I am unable
to ind it this morning> that you can't plug your monitoring PC into the
destination port because all that port is passing is the mirrored traffic.
So, assuming I have done all of this correctly <and I do not know for sure
that I have>, my question is how does one monitor the traffic and record
it with sniffer or ethereal once the port mirroring is in place?
Thanks
Sam
--
Sam Morris, Owner
Loganet Internet Service
Logan IA, United States of America
712-644-3578