We want to set up a sniffer to monitor the data traffic between several ports. Here we are assuming that the switch you are using is a Cisco IOS switch (e.g. Cisco Catalyst 3750).
Cisco uses the term SPAN (Switched Port Analyzer) port, to refer to ports that are involved in port mirroring or port monitoring.
Source SPAN port refers to the switch port of the server or node which you are interested in monitoring the data traffic.
In this example, Server A is connected to GigabitEthernet1/0/16 and Server B is connected to GigabitEthernet1/0/17. We want to monitor the data packets flowing between Server A and Server B.
Destination SPAN port refers to the switch port where you will be connecting the sniffer or network analyzer.
In this example, the sniffer is connected to GigabitEthernet1/0/28.
With the above information, we are now ready to configure the switch.
The commands are as follows:
For source SPAN ports GigabitEthernet1/0/16 and GigabitEthernet1/0/17
c3750(config)# monitor session 1 source interface GigabitEthernet1/0/16
c3750(config)# monitor session 1 source interface GigabitEthernet1/0/17
For destination SPAN port GigabitEthernet1/0/28
c3750(config)# monitor session 1 destination interface GigabitEthernet1/0/28 encapsulation
Putting it all together:
c3750# configure terminal
c3750(config)# monitor session 1 source interface GigabitEthernet1/0/16
c3750(config)# monitor session 1 source interface GigabitEthernet1/0/17
c3750(config)# monitor session 1 destination interface GigabitEthernet1/0/28 encapsulation
c3750(config)# end
c3750# show monitor session 1
c3750# write
Output of show monitor session 1:
c3750# show monitor session 1
Session 1
---------
Type : Local Session
Source Ports :
Both : Gi1/0/16,Gi1/0/17
Destination Ports : Gi1/0/28
Encapsulation : Native
Ingress : Disabled
To remove SPAN configuration:
c3750# configure terminal
c3750(config)# no monitor session 1
c3750(config)# end
c3750# write
Post a Comment