ohassairi Sat, 11/10/2007 - 10:19

what do you mean by monitor?

if you would like just to have a copy of the traffic then you need to do SPAN (switch port analyzer) and use software (like ethereal) to capture and disply the traffic (think to use filters).

if you think about viruses, then you must monitor that before coming to your swtch using smtp gateways.

if you think about attacks, use SPAN and IDS/IPS.

cedric.spence Sat, 11/10/2007 - 14:42

OK, know I have a track to follow. So basically I have to enable SPAN on the catalyst 4506. I was able to look through the documentation and read that I had to use "set span 'source port' 'destination port'..

This brings to light three question.

what is the syntax used to set span for all port going to the one destination port?

How can I tell mod/src_ports ?

I see that the CNA can give me a visual layout of a switch mod/src_ports. What version works with the catalyst 4506?

ddemirchi Sat, 11/10/2007 - 14:56


switch (enable) set span 5/1 5/2

everything on 5/1 will copied to 5/2

Use Ethereal, wireshark or Microsoft Network Monitor 3.1 to capture the data.

Connect your pc/laptop to 5/2 and start either above application and start to capture it

- show span to display any configured ports

- set span disable 5/1

You can find additional documentation from;



This Discussion