Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > monitor spanned port from dual NIC'd fedora machine

Reply
Thread Tools

monitor spanned port from dual NIC'd fedora machine

 
 
starman7@hotmail.com
Guest
Posts: n/a
 
      06-29-2006
i would like to monitor traffic on my 2950 switch. i have set up port 1
(the downlink from router) to span to 24.

will monitoring port 1 effectively monitor all on the switch, or should
i select them individually?
i did this in the 2950's GUI.

also, i want to monitor via an ssh session to a linux machine (having 2
nics) one plugged into 24, and the other to a live port (so i can
access it remotely via ssh, because span disables the traffic on port
24 (e.g. although i can ping the interface from my workstation, i can't
ssh into it). i don't have console access or a monitor on this linux
machine.

is this doable? both nics are on the same subnet in the linux machine.
do i need to do anything to the routing table? i can ping both
interfaces from my workstation, but can't ssh - though i can xdmcp into
it ... (broadcast?)

and when i tcpdump to one interface, i see just the connection from my
workstation to the linux box, when i tcpdump to the spanned interface,
i seem to be able to see the traffic on the different ports of the
switch, which is my aim.

thanks for insights on being able to ssh into the live connected port,
s7

 
Reply With Quote
 
 
 
 
SAto
Guest
Posts: n/a
 
      06-30-2006
http://www.velocityreviews.com/forums/(E-Mail Removed) skrev:
> i would like to monitor traffic on my 2950 switch. i have set up port 1
> (the downlink from router) to span to 24.
>
> will monitoring port 1 effectively monitor all on the switch, or should
> i select them individually?
> i did this in the 2950's GUI.


Monitoring port 1 will show you all traffic through that interface.
If you have traffic going between two hosts connected on two diffirent
ports you will not see that traffic. If you are only interested in the
traffic leaving your network this would be fine, but to see all the
traffic you would need to monitor the vlan.

> also, i want to monitor via an ssh session to a linux machine (having 2
> nics) one plugged into 24, and the other to a live port (so i can
> access it remotely via ssh, because span disables the traffic on port
> 24 (e.g. although i can ping the interface from my workstation, i can't
> ssh into it). i don't have console access or a monitor on this linux
> machine.


What I would normally do is disable ip on the monitoring interface.
This to prevent it from generating its own traffic then showing up in
the dump.

This would also make it possible to connect through the other interface
with ssh.
This should be possible even though you have an IP address on it but
you might need to tweek the setup to force it to use the "right"
interface for outbound traffic.

Disabling IP on the interface would be the cleanest setup I think.

Hope some of this made sense

-SAto

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
NetGear SPH200D dual Dual-mode, Cordless Phone vs Dualphone 3088 dual mode cordless phone Paul NZ Computing 0 05-08-2007 09:06 AM
1em height row in IE (spanned row) W@cek HTML 0 03-31-2005 11:23 AM
mirroring and spanned volumes on W2000 server Henny Jansen Computer Support 1 10-04-2004 05:51 PM
What is a Spanned Archive? fre Computer Support 3 08-15-2004 08:18 PM
spanned volumes - is this correct? David K MCSE 3 11-22-2003 12:09 AM



Advertisments