Sniffer port in 3550 switches

Sniffer port in 3550 switches
NewsGroups | Search | Tools
User Password
Register Now! Lost Password?
 comp.dcom.sys.cisco  Post an article  get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content  add this group's latest topics to your Google content  YahooMyWeb Yahoo!  Google Google  Windows Live Favorites Windows Live  del.icio.us del.icio.us  digg digg  Add to Netscape Netscape
Subject Author Date
Sniffer port in 3550 switches jmoseby_ 06-11-2008
Posted by on June 11, 2008, 11:00 am
If you were  Registered and logged in, you could reply and use other advanced thread options

I want to set up a port to monitor ALL the traffic on my network. My
goal is to be able to sniff traffic between any two hosts, regardless
of which switch they are connected to. I also need to sniff traffic
between my hosts and internet hosts.

The network consists of 14 cisco 3550 switches and a handfull of
unmanaged switches connected via crossover cables to various switches.
These switches are interconnected in a variety of ways, fiber on
Gi0/1-2, crossover cables, etc. Everything (as far as I know) is in
VLAN1. I have configured my sniffer (Wireshark) port as follows:

!
interface FastEthernet0/24
description monitor-port-vlan1
port monitor VLAN1
!

Will this do what I need it to do? Could it possibly be this easy?

TIA

JM


Spring Sale Save 20% Banner - Sale Ended 5/3/07 So Updated to NonPromo Ad
Posted by alexd on June 11, 2008, 2:03 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
On Wed, 11 Jun 2008 15:00:34 +0000, jmoseby_ wrote:

> I want to set up a port to monitor ALL the traffic on my network. My
> goal is to be able to sniff traffic between any two hosts, regardless of
> which switch they are connected to.

> interface FastEthernet0/24
> description monitor-port-vlan1
> port monitor VLAN1
> !
>
> Will this do what I need it to do? Could it possibly be this easy?

No. You will to tell the other 13 switches to monitor VLAN1 also, eg:

monitor session 1 source vlan 1 rx
monitor session 1 destination remote vlan 10

And then port monitor VLAN10 instead [not going to work on the unmanaged
switch]. However, I would caution that you could end up overwhelming your
network with traffic. What exactly are you trying to achieve? If it's
just statistics you're after, how about SNMP or Netflow? If you want
every frame, you'd be best served by being a bit more specific. If you
/do/ decide to monitor all those ports, make sure you've got a big hard
drive on your Wireshark monitoring station ;-)

--
<http://ale.cx/> (AIM:troffasky) (UnSoEsNpEaTm@ale.cx)
18:52:18 up 3 days, 7:59, 1 user, load average: 0.01, 0.01, 0.00
Convergence, n: The act of using separate DSL circuits for voice and data

Posted by on June 11, 2008, 4:21 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

>On Wed, 11 Jun 2008 15:00:34 +0000, jmoseby_ wrote:
>
>> I want to set up a port to monitor ALL the traffic on my network. My
>> goal is to be able to sniff traffic between any two hosts, regardless of
>> which switch they are connected to.
>
>> interface FastEthernet0/24
>> description monitor-port-vlan1
>> port monitor VLAN1
>> !
>>
>> Will this do what I need it to do? Could it possibly be this easy?
>
>No. You will to tell the other 13 switches to monitor VLAN1 also, eg:
>
>monitor session 1 source vlan 1 rx
>monitor session 1 destination remote vlan 10
>
>And then port monitor VLAN10 instead [not going to work on the unmanaged
>switch]. However, I would caution that you could end up overwhelming your
>network with traffic. What exactly are you trying to achieve?

I don't want to cause undue stress on the network, I would just like
to have the flexibility to monitor hosts on my network without having
to configure it every time. So instead, say I want to monitor a
specific host. How would I go about setting up monitoring in this
scenario:

[Wireshark]--Fa0/24--[SWITCH1]--Gi0/1--[SWITCH2]--Fa0/12-[TARGETHOST]

Thanks!

JM





Similar ThreadsPosted
Pruning on 3500 and 3550 series switches November 1, 2005, 1:56 pm
connecting two 3550 switches with VLAN IP routing November 7, 2006, 9:09 am
Confused - VLANs, 3550 and 2950 switches November 10, 2006, 10:54 am
Cisco Catalyst 3550 causes "Excessive jabbering" on HP switches September 19, 2005, 10:44 pm
cisco 3550 24 port SMI April 26, 2006, 1:35 am
Sniffer? June 16, 2007, 11:35 pm
PIX: PSK, sniffer and hash October 5, 2005, 2:11 pm
trunking / port channel 4108gl and Cisco 3550 August 21, 2006, 5:25 am
Hardware Based Sniffer March 16, 2005, 7:02 pm
freeware sniffer for windows? September 14, 2006, 12:56 am

other useful resources:
The Federal Communications Commission (FCC)
Telecommunications Industry Association
Electronic and Software Security Products and Services
International Telecommunication Union

Custom CGI Perl and PHP programming by 1-Script.com

Contact Us | Privacy Policy
The site map in XML format XML site map