monitor spanned port from dual NIC'd fedora machine

Discussion in 'Cisco' started by starman7@hotmail.com, Jun 29, 2006.

  1. Guest

    i would like to monitor traffic on my 2950 switch. i have set up port 1
    (the downlink from router) to span to 24.

    will monitoring port 1 effectively monitor all on the switch, or should
    i select them individually?
    i did this in the 2950's GUI.

    also, i want to monitor via an ssh session to a linux machine (having 2
    nics) one plugged into 24, and the other to a live port (so i can
    access it remotely via ssh, because span disables the traffic on port
    24 (e.g. although i can ping the interface from my workstation, i can't
    ssh into it)). i don't have console access or a monitor on this linux
    machine.

    is this doable? both nics are on the same subnet in the linux machine.
    do i need to do anything to the routing table? i can ping both
    interfaces from my workstation, but can't ssh - though i can xdmcp into
    it ... (broadcast?)

    and when i tcpdump to one interface, i see just the connection from my
    workstation to the linux box, when i tcpdump to the spanned interface,
    i seem to be able to see the traffic on the different ports of the
    switch, which is my aim.

    thanks for insights on being able to ssh into the live connected port,
    s7
     
    , Jun 29, 2006
    #1

  2. SAto Guest

    wrote:
    > i would like to monitor traffic on my 2950 switch. i have set up port 1
    > (the downlink from router) to span to 24.
    >
    > will monitoring port 1 effectively monitor all on the switch, or should
    > i select them individually?
    > i did this in the 2950's GUI.


    Monitoring port 1 will show you all traffic through that interface.
    If you have traffic going between two hosts connected on two different
    ports you will not see that traffic. If you are only interested in the
    traffic leaving your network this would be fine, but to see all the
    traffic you would need to monitor the vlan.

    > also, i want to monitor via an ssh session to a linux machine (having 2
    > nics) one plugged into 24, and the other to a live port (so i can
    > access it remotely via ssh, because span disables the traffic on port
    > 24 (e.g. although i can ping the interface from my workstation, i can't
    > ssh into it)). i don't have console access or a monitor on this linux
    > machine.


    What I would normally do is disable ip on the monitoring interface.
    This is to prevent it from generating its own traffic then showing up in
    the dump.

    This would also make it possible to connect through the other interface
    with ssh.
    This should be possible even though you have an IP address on it but
    you might need to tweak the setup to force it to use the "right"
    interface for outbound traffic.

    Disabling IP on the interface would be the cleanest setup I think.

    Hope some of this made sense :)

    -SAto
     
    SAto, Jun 30, 2006
    #2
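
SAto's suggestion above (no IP on the monitoring interface), written out as an added example that is not part of the original thread. The interface name `eth1` for the NIC on SPAN port 24 is an assumption, and the sample `ip -o addr show` output is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed interface name:
#   MON = NIC cabled to the SPAN destination (switch port 24).
# The other NIC stays on a live port with its IP address and carries ssh.
MON="${MON:-eth1}"

# Print the commands that make MON a receive-only capture interface.
# Review the output, then apply it as root:  monitor_setup_cmds | sh
monitor_setup_cmds() {
    cat <<EOF
ip addr flush dev $MON
sysctl -w net.ipv6.conf.$MON.disable_ipv6=1
ip link set dev $MON arp off promisc on up
EOF
}

# Read `ip -o addr show` output on stdin. Succeeds only when MON has no
# IPv4 or IPv6 address, so the host cannot source traffic from it.
mon_is_addressless() {
    ! awk -v dev="$MON" '
        $2 == dev && ($3 == "inet" || $3 == "inet6") { found = 1 }
        END { exit !found }'
}

# Constructed sample of `ip -o addr show` before the change: both NICs
# hold an address in the same subnet, as in the original question.
SAMPLE_BEFORE='2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0
3: eth1    inet 192.0.2.11/24 brd 192.0.2.255 scope global eth1'

# Typical use on the box, over ssh to the address of the live-port NIC:
#   monitor_setup_cmds | sh
#   ip -o addr show | mon_is_addressless && tcpdump -n -i "$MON"
```

These commands do not persist across a reboot or a network service restart; the interface's distribution network configuration needs the same no-address setting.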