
Traffic Sniffing Question (Easy)

gus.dalinis
Level 1

Hi All,

I have an easy question. I want to sniff a network port on my 3560 switch. I was going to use SPAN to repeat the traffic to another interface, plug my laptop into that interface and watch the traffic.

My question is, when I plug my laptop into the SPAN'd port, do I give it an IP address of its own or do I give it the IP address of the machine being monitored?

Also, if there is a better way other than SPAN and a Laptop with sniffing software, recommendations would be appreciated. Thanks!

Gus

2 Replies

cisconoobie
Level 2

I have my port blank, only spanning-tree portfast.

Install Ethereal and set it to capture packets for your port.

Personally I have a PCMCIA NIC installed in my laptop in addition to the onboard NIC. I have all the bindings removed from this 2nd NIC to stop Windows attempting to use it for networking. I use this 2nd NIC solely as a monitor interface. This leaves me able to still telnet etc. from the other NIC, plus it stops me capturing packets that the PC is generating.

I use Wireshark (what was Ethereal) and think this is an excellent piece of (free) software.

If you are sniffing VLAN Trunks or ports using Voice VLANs be careful with Intel & Broadcom drivers since they strip the VLAN tags off before passing the frames up the stack. Both have registry keys to disable this behaviour.

HTH

Andy
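
One way to check whether a capture taken on the monitoring NIC still carries its 802.1Q tags, which is the driver behaviour described in the reply above (an added example, not part of the original thread). It assumes the capture was saved in classic pcap format with Ethernet link type; `vlan_summary` and `build_sample` are hypothetical names, and the sample frames are constructed.

```python
import struct
from collections import Counter

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q VLAN tag

def vlan_summary(pcap_bytes):
    """Return (frame_count, Counter{vlan_id: frames}) for a classic pcap of Ethernet frames."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic microsecond pcap (pcapng is not handled)")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    offset, total, vlans = 24, 0, Counter()
    while offset + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "I", pcap_bytes[offset + 8:offset + 12])[0]
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < 14:          # truncated record, no full Ethernet header
            continue
        total += 1
        if struct.unpack("!H", frame[12:14])[0] == TPID_8021Q and len(frame) >= 16:
            tci = struct.unpack("!H", frame[14:16])[0]
            vlans[tci & 0x0FFF] += 1  # low 12 bits of the TCI are the VLAN ID
    return total, vlans

def build_sample(tagged=True):
    """Constructed capture: two data-VLAN frames, one voice-VLAN frame, one untagged frame."""
    def frame(vlan=None, pcp=0):
        tag = struct.pack("!HH", TPID_8021Q, (pcp << 13) | vlan) if tagged and vlan else b""
        return bytes(12) + tag + struct.pack("!H", 0x0800) + bytes(46)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in (frame(10), frame(10), frame(20, pcp=5), frame()):
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for label, data in (("tags kept", build_sample()), ("tags stripped", build_sample(False))):
        total, vlans = vlan_summary(data)
        verdict = dict(vlans) if vlans else "no 802.1Q tags seen; driver may be stripping them"
        print(f"{label}: {total} frames, {verdict}")
```

For a real check, save a capture from the SPAN destination of a trunk or voice-VLAN port in classic pcap format and pass the file's bytes to `vlan_summary`; an empty VLAN counter on a port known to carry tagged traffic points at the NIC driver.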
