10-27-2009 05:22 AM - edited 03-04-2019 06:30 AM
Hy,
I would like to use the cisco switch such as a hub.
I had already configutation the next lines:
monitor session 1 source interface gigabitEthernet 0/3 tx
monitor session 1 destination interface gigabitEthernet 0/17
Before I login to server (it is gigabitEthernet 0/17) and I ran tcp dump.
I had to delete 'monitor session 1 destination interface gigabitEthernet 0/17' because the server was very slow.
Thank you for the help to everybody.
Solved! Go to Solution.
10-27-2009 09:32 AM
All traffic transmitted out of g0/3 will be mirrored to g0/17 thus if it is a lot of traffic, the server will have to be able to capture all this traffic and processed internally. If the server was slow, I recommend checking the CPU stat on the server and determine what was causing the slowness - perhaps the tcp dump..
I recommend using a packet analyzer instead of tcp dump. You can get WireShark for free.
Also, be aware - the server won't be able to send any traffic out of g0/17 as the port is set to 'monitor'. If the server is trying to access resources during a login or after login, it may be perceived as being slow but the problem is the server is unable to connect to any resources in the network.
This is normal behavior and you must make sure the monitoring station does not need to access any devices in the network (printers, map drives, etc).
Regards
Edison.
10-27-2009 09:32 AM
All traffic transmitted out of g0/3 will be mirrored to g0/17 thus if it is a lot of traffic, the server will have to be able to capture all this traffic and processed internally. If the server was slow, I recommend checking the CPU stat on the server and determine what was causing the slowness - perhaps the tcp dump..
I recommend using a packet analyzer instead of tcp dump. You can get WireShark for free.
Also, be aware - the server won't be able to send any traffic out of g0/17 as the port is set to 'monitor'. If the server is trying to access resources during a login or after login, it may be perceived as being slow but the problem is the server is unable to connect to any resources in the network.
This is normal behavior and you must make sure the monitoring station does not need to access any devices in the network (printers, map drives, etc).
Regards
Edison.
10-28-2009 06:53 AM
Edison,
Thank you for your help.
I could find that what was the trouble. I dont know that the 'monitor session 1 destination â¦.' command is stop the line protocol on interface. I know it by now.
I will use two network card in server and I still monitor the traffic on either port of switch and I will connect the server on other port. Then I will can run tcpdump or other packet sniffer.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: