Packet capture

sushil · ‎01-14-2010

Hi my network is like this.

ISP-->Router--->ASA(PATTED)----trunk/routed port------------------> Switch(vlans)--->internal users

Valns are not communicating among each other.I am able to capture the packet on particular vlan.Say vlan5 with 192.168.5.1 gateway.A host with ip 192.168.5.10 (acting as capture wireshark server)and gateway as that of 192.168.5.1 is able to capture the traffic.The other vlan say with vlan6 is with ip 192.168.6.1 as g/w n so on.

All traffic from all vlans 5,6 and so on is routing traffic towards ASA with routed/trunk port.

I wanted to capture traffic for whole network using one node in exsiting vlan and capture the traffic.How can I achieve that in existing setup.

Thanks,

Sushil

Anupam Datta · ‎01-14-2010

Hi,

you can do this by SPAN. Configure the Trunk port connected with ASA as source , and the port connected with Wireshirk Server as destination of the monitor session. Hope this document on SPAN , could be helpfull to you. www.cisco.com/en/US/docs/switches/lan/.../span.html

Ganesh Hariharan · ‎01-15-2010

Hi Sushil,

You can create a span port and make that port to capture traffic for all the vlan by this command in switch

monitor session 1 source vlan range

monitor session 1 destination interface "desktop ip"

As you have already stated that wireshark is running in your PC and configure that interface as destination port for traffic spanning.

Hope that helps out your query !!

Regards

Ganesh.H