packet sniffing a trunk link

Unanswered Question
Nov 18th, 2008
User Badges:

Hi all, If I set up a trunk with all my vlans on one port, if I use ethereal and plug into it, will I see all broadcasts etc for all vlans?


When using ethereal, am i right in saying it still works without an ip ?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
ropethic Tue, 11/18/2008 - 13:17
User Badges:
  • Silver, 250 points or more

You will need to setup a SPAN session with the trunked port as the source port to a destination port where the sniffer will be plugged into.

When monitoring a trunk source port all active vlan traffic is monitored.

You dont need an IP in order capture data.


http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a008015c612.shtml

jedavis Tue, 11/18/2008 - 13:19
User Badges:

Hi Carl,


I believe that is true - you see all the traffic on all the Vlans. However, I think that span may strip off the dot1q headers so you don't know what vlan any particular packet came from. Set up a span/port monitoring session and give it a try. You have nothing to lose.


Ethereal (AKA Wireshark) does not even need the IP protocol bound to the monitor NIC.

Actions

This Discussion