Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
288
Views
0
Helpful
2
Replies

Traffic filtering

darenn
Level 1
Level 1

‎02-21-2006 03:03 AM - edited ‎03-03-2019 01:55 AM

Hi,

I wonder if someone can please help.

A customer has two Layer2 switch's trunked to each other, and is requesting what conversations are flowing between the two switches. There is a total of 10 Vlans on each switch. They need a permanent setup to check the dataflow. We don't really want to leave a sniffer running on one of the switch's SPANning the Trunk port. Is there another way we can see source/destination IPs such as VACL's. One of the switches is a 4948.

Labels:
0 Helpful
2 Replies 2

leonvd79
Level 4
Level 4

‎02-21-2006 03:44 AM

Higher end switches support NetFlow accounting.

Sniffer software such as Etherreal has powerfull capabilities and are able to filter packets based on protcol type, source/destination and TCP/UDP ports. If you don't want to capture ALL traffic try to start by capturing subnet attached to VLAN 1, and do the same for the consecutive VLANs.

0 Helpful

arvindchari
Level 3
Level 3
In response to leonvd79

‎02-21-2006 04:03 AM

What would be the likely purpose of capturing all data / traffic originating from all ports? If it is something related to traffic shaping or predicting traffic flows over a period of time based on the models that are garnered, I think NBAR would suffice very nicely.

0 Helpful
Customers Also Viewed These Support Documents