02-21-2006 03:03 AM - edited 03-03-2019 01:55 AM
Hi,
I wonder if someone can please help.
A customer has two Layer2 switch's trunked to each other, and is requesting what conversations are flowing between the two switches. There is a total of 10 Vlans on each switch. They need a permanent setup to check the dataflow. We don't really want to leave a sniffer running on one of the switch's SPANning the Trunk port. Is there another way we can see source/destination IPs such as VACL's. One of the switches is a 4948.
02-21-2006 03:44 AM
Higher end switches support NetFlow accounting.
Sniffer software such as Etherreal has powerfull capabilities and are able to filter packets based on protcol type, source/destination and TCP/UDP ports. If you don't want to capture ALL traffic try to start by capturing subnet attached to VLAN 1, and do the same for the consecutive VLANs.
02-21-2006 04:03 AM
What would be the likely purpose of capturing all data / traffic originating from all ports? If it is something related to traffic shaping or predicting traffic flows over a period of time based on the models that are garnered, I think NBAR would suffice very nicely.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: