Hi I have a Cisco Catalyst WS-C3548-XL-EN. My company has third party software that resides on our desktop machines that enables remote session within the LAN. some users think that there is something scanning our netowork and trying to connect remotely within the network. Is their a way that I can mirror a port to another and capture the traffic or look at a specfic port and see what is trying to connect?
The 3550XL series switches are a little different than most other switches to SPAN switchports. Make sure the user port and the sniffer port is on the same VLAN. Here is an example of spanning a port where 0/1 is the user, and 0/2 is the sniffer.
port monitor fa0/1