Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Catalyst port mirroring

Reply
Thread Tools

Catalyst port mirroring

 
 
Alex Turtois
Guest
Posts: n/a
 
      01-11-2006
HI All,

What I'm trying to do is to have a pocket capture / traffic watcher
application for network management, service usage measurements on our
LAN. I'll want to know how many http, radius, ssl, smtp traffic is
going on our network between my own hosts. All the equipment are
connected to a catalyst 2950.

Switched networks does not allow me to watch/capture traffic on all
interfaces I'll need to use some type of solution that allows me to
mirror all traffic to a specific port on the switch, so I'd attach a
linux box on that port and will be able to see all traffic travelling
to all our routers and servers - as if they all were connected to a
HUB.

I have heared about someone was counting traffic using the linux kernel
ip_accounting fascility this way, but I'm not sure how to set up the
switch ports for this solution.

Anyone has experience with solutions like the above?

TIA,
Alex

 
Reply With Quote
 
 
 
 
kemot
Guest
Posts: n/a
 
      01-11-2006
Alex,
What you are looking for is SPAN or monitoring on a switchport. Here is
little more information on it
http://www.cisco.com/en/US/products/...8015c612.shtml

If the port you want to monitor is fa0/1 and you would connect the
sniffer (Ethereal or anythin like tcpdump) to fa0/15
here are the basic commands:

conf terminal
monitor session 1 source interface fa0/1
monitor session 1 destination interface fa0/15

TK

Alex Turtois wrote:
> HI All,
>
> What I'm trying to do is to have a pocket capture / traffic watcher
> application for network management, service usage measurements on our
> LAN. I'll want to know how many http, radius, ssl, smtp traffic is
> going on our network between my own hosts. All the equipment are
> connected to a catalyst 2950.
>
> Switched networks does not allow me to watch/capture traffic on all
> interfaces I'll need to use some type of solution that allows me to
> mirror all traffic to a specific port on the switch, so I'd attach a
> linux box on that port and will be able to see all traffic travelling
> to all our routers and servers - as if they all were connected to a
> HUB.
>
> I have heared about someone was counting traffic using the linux kernel
> ip_accounting fascility this way, but I'm not sure how to set up the
> switch ports for this solution.
>
> Anyone has experience with solutions like the above?
>
> TIA,
> Alex


 
Reply With Quote
 
 
 
 
zulu-1-three
Guest
Posts: n/a
 
      01-11-2006
Check out Cisco Netflow. See if your switch can do it.

 
Reply With Quote
 
John Smith
Guest
Posts: n/a
 
      01-12-2006
if your switch doesn't support the monitor session syntax, you will need
to do the following:
interface FastEthernet0/x
port monitor FastEthernet0/a
port monitor FastEthernet0/b

fa0/x is the port your sniffer is plugged into, 0/a and 0/b would be any
ports u want to sniff.


On Wed, 11 Jan 2006 09:22:41 -0800, kemot wrote:

> Alex,
> What you are looking for is SPAN or monitoring on a switchport. Here is
> little more information on it
> http://www.cisco.com/en/US/products/...8015c612.shtml
>
> If the port you want to monitor is fa0/1 and you would connect the
> sniffer (Ethereal or anythin like tcpdump) to fa0/15
> here are the basic commands:
>
> conf terminal
> monitor session 1 source interface fa0/1
> monitor session 1 destination interface fa0/15
>
> TK
>
> Alex Turtois wrote:
>> HI All,
>>
>> What I'm trying to do is to have a pocket capture / traffic watcher
>> application for network management, service usage measurements on our
>> LAN. I'll want to know how many http, radius, ssl, smtp traffic is
>> going on our network between my own hosts. All the equipment are
>> connected to a catalyst 2950.
>>
>> Switched networks does not allow me to watch/capture traffic on all
>> interfaces I'll need to use some type of solution that allows me to
>> mirror all traffic to a specific port on the switch, so I'd attach a
>> linux box on that port and will be able to see all traffic travelling
>> to all our routers and servers - as if they all were connected to a
>> HUB.
>>
>> I have heared about someone was counting traffic using the linux kernel
>> ip_accounting fascility this way, but I'm not sure how to set up the
>> switch ports for this solution.
>>
>> Anyone has experience with solutions like the above?
>>
>> TIA,
>> Alex


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Mirroring and Monitoring Ports on a Catalyst 2950 Robeast Cisco 2 04-24-2007 02:24 AM
Port mirroring in HP 2626-pwr 24 port switch mayazk100@gmail.com Cisco 2 10-25-2005 10:32 PM
Port mirroring Armin Kask Cisco 5 05-18-2004 07:27 PM
Port mirroring on a cisco 2950 plc Cisco 1 04-30-2004 11:10 AM
Port Mirroring Command Dalirahma Cisco 1 10-21-2003 10:16 PM



Advertisments