05-29-2017 04:29 PM - edited 03-08-2019 10:46 AM
Hello,
We were doing a wireshark capture on one of the 3800 (all 1G sfp slots). We were using one of the ports with GLC-T to capture traffic on a specific vlan as the layer 3 resides on this switch.
On connecting our laptop & putting in the required span configurations, the ethernet port of the laptop didn't appear to be connecting however the captures were happening. Does the laptop connected port need any specific configuration (eg. an IP or vlan on it )?
Thanks in advance.
Solved! Go to Solution.
05-29-2017 06:49 PM
Hi,
Have a look. Here is an example with source and destination:
monitor session 1 source interface gigabitEthernet 1/0/2
monitor session 1 destination interface gigabitEthernet 1/0/3
Destination port is port your pc/laptop connected to running Wireshark.
Link for 3850 series:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/network_management/configuration_guide/b_nm_3se_3850_cg/b_nm_3se_3850_cg_chapter_0111.html#d35770e1987a1635
HTH
05-29-2017 05:55 PM
Hi,
Yes, the laptop needs to have an IP address to connect to the network. You can put the laptop in the same subnet as the source or could be in a different vlan/subnet.
HTH
05-29-2017 06:22 PM
Thanks. i see, i was under the impression that the port connected to laptop (with wireshark) only needs switchport & switchport monitor command.
I also noticed the following when connected to it. there was no option of switchport monitor command. Please help.
sw-loc1(config)#int GigabitEthernet1/0/2
sw-loc1(config-if)#shu
sw-loc1(config-if)#switchport monito
sw-loc1(config-if)#switchport ?
access Set access mode characteristics of the interface
autostate Include or exclude this port from vlan link up calculation
backup Set backup for the interface
block Disable forwarding of unknown uni/multi cast addresses
host Set port host
mode Set trunking mode of the interface
nonegotiate Device will not engage in negotiation protocol on this interface
port-security Security related command
priority Set appliance 802.1p priority
protected Configure an interface to be a protected port
trunk Set trunking characteristics of the interface
voice Voice appliance attributes
05-29-2017 06:49 PM
Hi,
Have a look. Here is an example with source and destination:
monitor session 1 source interface gigabitEthernet 1/0/2
monitor session 1 destination interface gigabitEthernet 1/0/3
Destination port is port your pc/laptop connected to running Wireshark.
Link for 3850 series:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/network_management/configuration_guide/b_nm_3se_3850_cg/b_nm_3se_3850_cg_chapter_0111.html#d35770e1987a1635
HTH
05-30-2017 09:44 PM
Thanks.
In my case, the source is an entire vlan.
so, monitor session 1 source vlan 86 both
the network uses dhcp ip's. So should the destination port (connecting the wireshark laptop) be just configured as access vlan for that dhcp network so it could get ip?
05-30-2017 11:00 PM
leave default configuration port for destination port.
you cannot use monitoring destination port for remote access.
If you need manage your laptop so you need additional physical interface, wireless for example.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide