On a 3750 switch, I have a Windows system with Ethereal on it, which I'm remote-controlling via VNC. I configure the 3750 with:
monitor session 1 source int gi1/0/12
monitor session 1 dest int gi1/0/10
Obviously this copies all the traffic from 1/0/12 to 1/0/10 just fine. However, it's preventing the machine that's on 1/0/10 from sending/receiving its OWN traffic on the LAN, i.e. I can't maintain a VNC session to my Ethereal machine after I enable the monitor session. Is this by design, or can I alter the command to allow local traffic to/from the destination, so I can VNC to my Ethereal machine?
When you set a port to be the destination for SPAN traffic, it will only collect information from a source and cannot be used for "normal" network traffic.
So you will need to install a second NIC, connected to another port on the switch, on the VNC client computer to be able to remote control the monitoring computer.
Here is a good link:
Do you know why I can connect to a SPAN destination port to remote control my portable running sniffer software if I enable ingress forwarding for that monitor session destination port?
This only works with a NIC with enhanced drivers I got from the Sniffer software developers, Network General.
By default, in a normal configuration, a SPAN destination port will not let normal LAN traffic be forwarded for that port and is only used for monitoring purposes, but in case you want forwarding of incoming traffic on the destination SPAN port, you need to configure the "ingress" command in the SPAN destination configuration.
Something like this:
monitor session 2 destination interface gig1/0/2 encapsulation replicate ingress dot1q vlan 6
Have a look at this link for more details
HTH, if yes please rate the post.
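The difference between a destination port configured with and without the ingress keyword, as an added example that is not from any poster in this thread: a small Python audit that reads monitor-session lines and reports which destination ports will drop inbound traffic. The sample config is constructed from the commands quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the monitor-session commands quoted in the thread.
SAMPLE_CONFIG = """\
monitor session 1 source interface Gi1/0/12
monitor session 1 destination interface Gi1/0/10
monitor session 2 source interface Gi1/0/5
monitor session 2 destination interface Gi1/0/2 encapsulation replicate ingress dot1q vlan 6
monitor session 3 destination interface Fa0/37 ingress vlan 1
"""

# Accepts the full keywords and the "dest int" abbreviations used in the thread.
DEST_RE = re.compile(
    r"^monitor session (?P<session>\d+) dest\S*\s+int\S*\s+(?P<port>\S+)(?P<opts>.*)$",
    re.IGNORECASE,
)
# "ingress", an optional encapsulation keyword, then an optional "vlan <id>".
INGRESS_RE = re.compile(
    r"\bingress\b(?:\s+(?P<encap>dot1q|isl|untagged))?(?:\s+vlan\s+(?P<vlan>\d+))?",
    re.IGNORECASE,
)


def audit_span_destinations(config):
    """Return one record per SPAN destination port found in the config text."""
    records = []
    for line in config.splitlines():
        m = DEST_RE.match(line.strip())
        if not m:
            continue
        ing = INGRESS_RE.search(m.group("opts"))
        records.append({
            "session": int(m.group("session")),
            "port": m.group("port"),
            "ingress": ing is not None,
            "encap": ing.group("encap") if ing else None,
            "vlan": int(ing.group("vlan")) if ing and ing.group("vlan") else None,
        })
    return records


def ports_dropping_inbound(config):
    """Destination ports without ingress: a host there cannot be reached over the LAN."""
    return [r["port"] for r in audit_span_destinations(config) if not r["ingress"]]


if __name__ == "__main__":
    for rec in audit_span_destinations(SAMPLE_CONFIG):
        state = "forwards inbound traffic" if rec["ingress"] else "drops inbound traffic"
        print(f"session {rec['session']} {rec['port']}: {state} (vlan {rec['vlan']})")
```

Ports reported with ingress enabled are the ones where the capture host can also send traffic into the listed VLAN, so they are worth reviewing alongside the ones that drop it.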
Thanks for the reply. But I have ingress enabled on a 3550 switch and can connect to my sniffer portable via the LAN, but on an identical switch with another laptop with the same SPAN configuration I cannot connect to that portable. Any ideas?
The destination port is thus:
monitor session 1 destination interface fa0/37 ingress vlan 1
If the ingress command is enabled, you should be able to connect, provided you have a proper route for that sniffer portable connected to the 3550 on vlan1.
Just check if you have a proper route to the machine.
As you said, you are able to connect to one portable sniffer on a 3550 but not to another which is on another 3550 switch.
Are they both on same subnet? Are the 2 switches connected directly?
Also, to check if the ingress command is working, do you have any other machine on vlan 1 on the same 3550 on which you have the portable sniffer to which you are not able to connect? If not, can you connect one PC to vlan 1 and try to ping that portable sniffer and see if you get a reply?
I appreciate all your help so far with this.
Does the NIC on the portable need any special or enhanced drivers? The second portable that I cannot see on the network does not have the General Network Sniffer software with its enhanced NIC drivers.
It is just using Ethereal and no special NIC drivers.
Monitor port ingress traffic will be dropped, and so you will not be able to establish network connectivity with the Analyser.