The documentation on this subject is extensive and like all things Cisco somewhat archaic. I'm posting this here in an attempt to simplify and as a reminder to myself the next time I need to do this. Telnet in to your switch and issue the following commands:
1) enable
2) configure terminal
3) no monitor session all
4) monitor session 1 source interface fastEthernet0/1 both
5) monitor session 1 destination interface fast/Ethernet0/10
6) end
Command 3 clears any existing SPAN sessions. You can change the port number at the end of command 4 to the port of the uplink on the switch to monitor all traffic. Alternately you can specify a range of ports. Change the port number at the end of command 5 to the port on which you intend to set up your sniffer.
In order to turn the SPAN off then rerun the first three commands.
That's basically all there is to it. Now plug in a laptop to the monitor port and run dumpcap on the ethernet interface.
No comments:
Post a Comment