Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
342
Views
0
Helpful
4
Replies

Cannot sniff traffic spanned on a 2950

tllewellyn
Level 1
Level 1

‎07-03-2002 06:39 AM - edited ‎03-01-2019 11:27 PM

Pardon me if this has been asked and answered, but I did look around and I did not see it.

I have set up a monitor session on a 2950 but I cannot see the traffic. The applications I am using, windump and ethereal on win2k, are vlan aware, but using "vlan" as an expression in windump or as a filter in ethereal does not work.

If I omit the vlan filter, I see stuff like bpdus and cdp stuff. When I apply the filter, I see nothing at all. In windump I use a command like like:

windump -i 3 vlan

or

windump -e -i 3 vlan

I am using the latest and greatest winpcap, windump, ethereal, etc. I also know that I could probably use a real sniffer, but I kind of hate to ask my boss to spend $20,000 just because a freebie doesn't want to work for me. (I'd rather ask him to spend $20,000 based on what the real sniffer can do that the freebie can't! ;-) )

Labels:
0 Helpful
4 Replies 4

donewald
Level 6
Level 6

‎07-05-2002 07:06 AM

Possilby if you included your monitor configuration in your request we could help you more. The products you are trying to use should work for you fine but if your monitor is setup incorrectly you will see nothing.

Hope this helps,

Don

0 Helpful

tllewellyn
Level 1
Level 1
In response to donewald

‎07-11-2002 02:45 AM

Here's my monitor config:

monitor session 1 source interface Fa0/2

monitor session 1 destination interface Fa0/3

The first command was entered with "both" at the end, but it doesn't show up in the config. The IOS is version 12.1(9)EA1 enhanced image for the 2950.

Thanks,

Ted

0 Helpful

Prashanth Krishnappa
Cisco Employee
Cisco Employee

‎07-08-2002 05:24 PM

Try ethereal. It's a great free sniffer software which can be downloaded from the web at

http://www.ethereal.com/

SPAN capablilities are pretty basic in a 2950 and more info can be found on CCO at

http://cio.cisco.com/univercd/cc/td/doc/product/lan/cat2950/1219ea1/scg/swspan.htm

http://www.cisco.com/warp/public/473/41.html

0 Helpful

tllewellyn
Level 1
Level 1
In response to Prashanth Krishnappa

‎07-11-2002 02:41 AM

Actually, I started with Ethereal, and switched to windump because both ride on wincap and I find it easier to troubleshoot a command line app because the GUI just gets in the way if things are not working. Thanks for the note, though.

0 Helpful
Customers Also Viewed These Support Documents