We have 3524, 3548, 2950 (SMI) and 3550 (SMI) switches. Can I sniff the traffic on all ports by plugging in to one of the ports? Or can I sniff traffic on one siwtch by being plugged in to another? I know I can't by default. What's the best way to set this up?
Im sure you know which switches, the only frames you will catch are broadcasts. If your switch has VLANs, you will only catch broadcasts frames on that VLAN.
Cisco use what they call a monitor port. You can set a monitor port or SPAN port (the one where you plug the sniffer) to recive a copy of all other frames from a particular VLAN or port. The SPAN port can be on a remote switch with some switches called Remote Switch Port Analyser.
You need to configure the monitor port on your switch to catch all non-broadcast frames.
Note the syntax will be different accross your switches as they have different SPAN features, but this link will help:
[toc:faq]The ProblemOn traditional switches whenever we have a trunk
interface we use the VLAN tag to demultiplex the VLANs. The switch needs
to determine which MAC Address table to look in for a forwarding
decision. To do this we require the switch to do...
[toc:faq]Introduction:Netdr is a tool available on a RSP720, Sup720 or
Sup32 that allows one to capture packets on the RP or SP inband. The
netdr command can be used to capture both Tx and Rx packets in the
software switching path. This is not a substitut...
IntroductionOSPF, being a link-state protocol, allows for every router
in the network to know of every link and OSPF speaker in the entire
network. From this picture each router independently runs the Shortest
Path First (SPF) algorithm to determine the b...