We have recently had the Observer network monitoring tool. We have got about 15 switches on site. If I plug a probe onto 1 of the switches, will it monitor all traffic between all the switches? Say, for example, if 2 PCs are in the same switch and the probe is in another, will the probe pick this up?
Switches are collision domain boundaries. Each port on your switch is in effect a different segment, with the switch as a bridge (switch - bridge, same thing). The function of a bridge is to only forward traffic to a port if that traffic is destined for something on that port. The only thing that breaks this rule is broadcast traffic, as the broadcast address cannot physically "be" anywhere, so the switch floods it to all ports.
The downside is that a sniffer plugged into a port will only ever see broadcast traffic (ok ok multicast too).
You can use a SPAN port, or what the rest of the world knows as a mirror port, to see exactly what another port is seeing (hence "mirror"). That's fine, except that if you try to mirror too many ports at once you can potentially overwhelm your mirror port, as many 100megs into one 100meg doesn't go (and an incomplete trace is a useless trace).
So in answer to your question, you can't.
The only thing that has full information about each of the hosts connected to a switch is the switch itself.
You need to investigate how to get the information you need from the switch. One possibility is SNMP, although this often requires expensive software. Also look into sFlow and NetFlow; there's plenty of info on the web - google it. This may give you what you need, although I'm not sure how far along Cisco is with implementing sFlow.
You can get an open source package called ntop, which is an sFlow and NetFlow collector which you browse to to get results. Run it on Linux and it's free.
The Network Instruments Observer product includes a feature called "Switched Observer". This feature includes scripts that allow Observer to control the port mirroring on Cisco switches such that the Observer will cycle through the ports. Each port is monitored briefly, then the next, and so on. The data is extrapolated to cover the entire polling time. Research this feature and you may find it does what you need, although I do not know if one Observer can poll across multiple switches using RSPAN. I know it can poll all ports in a single switch using SPAN sessions. Depending on your topology, you may be able to use the Multi-Probe to get several Probe interfaces.
Observer is a great product and a great value, IMO.
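The forwarding behaviour discussed in this thread, as an added example that is not part of any post: a minimal Python model of two learning switches showing what a probe captures on a remote switch, on a plain local port, and on a SPAN destination port. The topology, port numbers, MAC addresses and frame labels are constructed assumptions; the model also floods frames for not-yet-learned destinations, as real switches do.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Switch:
    """Minimal learning bridge: MAC table, optional uplinks, optional SPAN session."""
    def __init__(self, ports):
        self.ports = set(ports)
        self.mac_table = {}   # source MAC -> port it was learned on
        self.links = {}       # local port -> (neighbour switch, neighbour port)
        self.taps = {}        # local port -> list collecting frames sent out of it
        self.mirror = None    # (monitored port, SPAN destination port)

    def receive(self, in_port, src, dst, label):
        self.mac_table[src] = in_port                      # learn the sender
        if dst == BROADCAST or dst not in self.mac_table:  # flood
            out = self.ports - {in_port}
        else:                                              # forward to one port only
            out = {self.mac_table[dst]} - {in_port}
        if self.mirror:
            monitored, span_dst = self.mirror
            out.discard(span_dst)        # SPAN destination takes no normal traffic
            if in_port == monitored or monitored in out:
                out.add(span_dst)        # copy of everything the monitored port sees
        for port in sorted(out):
            if port in self.taps:
                self.taps[port].append(label)
            if port in self.links:
                peer, peer_port = self.links[port]
                peer.receive(peer_port, src, dst, label)

def run_scenario(mirror=False):
    """Constructed topology: PCs A and B on sw1; probes on sw2 port 1 and sw1 port 8."""
    sw1, sw2 = Switch([1, 2, 8, 24]), Switch([1, 24])
    sw1.links[24], sw2.links[24] = (sw2, 24), (sw1, 24)   # uplink between switches
    remote_probe, local_probe = [], []
    sw2.taps[1], sw1.taps[8] = remote_probe, local_probe
    if mirror:
        sw1.mirror = (1, 8)   # mirror PC A's port to the local probe port
    a, b = "00:00:00:00:00:0a", "00:00:00:00:00:0b"
    sw1.receive(1, a, BROADCAST, "A->all ARP")   # broadcast: flooded everywhere
    sw1.receive(2, b, a, "B->A ARP reply")       # unicast to a learned MAC
    sw1.receive(1, a, b, "A->B data")            # unicast to a learned MAC
    return remote_probe, local_probe

if __name__ == "__main__":
    for mirror in (False, True):
        remote, local = run_scenario(mirror)
        print(f"mirror={mirror}: remote probe saw {remote}; local probe saw {local}")
```

The probe on the second switch only ever receives the flooded broadcast, while the local probe captures the A/B unicast conversation only once its port is the SPAN destination for PC A's port.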