Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
197
Views
0
Helpful
2
Replies

use of port monitor (SPAN)

tato386
Level 6
Level 6

‎09-09-2003 05:49 PM - edited ‎03-02-2019 10:13 AM

The port monitor command seems pretty straightforward but I can't seem to get it to work using a Windows 2K station running the MS network monitor utility. I would like to monitor all of the interfaces on a 2900XL switch from the interface that my Windows machine is on but I only get local and broadcast packets. I have entered the port monitor fax/y command for all other ports under the config of the Windows port but still no data. What else do I need to do?

Thanks,

Diego

Labels:
0 Helpful
2 Replies 2

dgahm
Level 8
Level 8

‎09-09-2003 06:39 PM

Do the "show interface" counters on the monitoring port indicate the amount of output traffic you are expecting?

The problem may be with your PC. The NIC needs to be operating in promiscuous mode in order to capture all frames. I am a NAI Sniffer guy myself, so am not very familiar with the MS network monitor (though I hear it is pretty limited). Are there any config settings that might allow you to select promiscuous? The default may be to just look at frames with your MAC address as well as broadcast. You might want to do some research on WinPcap, and the other freeware IDS and monitoring utilities that work with it.

It is also well known that many NIC models will not operate promiscuously. You may have one of those.

0 Helpful

tato386
Level 6
Level 6
In response to dgahm

‎09-10-2003 06:04 AM

I will investigate the NIC further.

Thanks,

Diego

0 Helpful
Customers Also Viewed These Support Documents