https://community.cisco.com/t5/network-security/catalyst-2960-config-for-wireshark-capture/m-p/4297581#M1078801 <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <PRE>Switch(config)# no monitor session 1 Switch(config)# monitor session 1 source interface gigabitethernet0/1 Switch(config)# monitor session 1 destination interface gigabitethernet0/2 encapsulation replicate Switch(config)# end ! Switch(config)# no monitor session 1 source interface gigabitethernet0/1 Switch(config)# end ! </PRE> <PRE>Embedded packet capture The config was something like: (config mode) ip access-list extended mycapf permit ip host xx.xx.xx.xx any permit ip any host xx.xx.xx.xx (enable mode) monitor capture mycap buffer size 2 circular monitor capture mycap access-list mycapf monitor capture mycap interface Te1/1/1 monitor capture mycap start </PRE> <P>&nbsp;<A href="https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-embedded-packet-capture/116045-productconfig-epc-00.html" target="_self">here</A> this link help you as its an example</P> Thu, 25 Feb 2021 12:32:57 GMT Sheraz.Salim 2021-02-25T12:32:57Z https://community.cisco.com/t5/network-security/catalyst-2960-config-for-wireshark-capture/m-p/4297566#M1078798 <P>Hi.</P><P>&nbsp;</P><P>I'm the network admin for my organization and we've been having some security issues on our network recently so I'm trying to investigate using wireshark. But my issue is that wireshark only captures packets that come to my device's network interfaces even in promiscuous mode since we are using a switched network. So I'm trying to find a way to setup the network that will allow me capture packets passing through the entire network. Perhaps some configuration on the switch that may allow my port see traffic passing through other ports. Or something...</P><P>&nbsp;</P><P>My network has a managed switch(CISCO 2960) as the core switch and connects through a trunk line to an unmanaged switch that distributes to our users.</P><P>&nbsp;</P><P>Any help would be greatly appreciated.</P> Thu, 25 Feb 2021 11:56:40 GMT https://community.cisco.com/t5/network-security/catalyst-2960-config-for-wireshark-capture/m-p/4297566#M1078798 Elopower123 2021-02-25T11:56:40Z https://community.cisco.com/t5/network-security/catalyst-2960-config-for-wireshark-capture/m-p/4297573#M1078799 <P>Make sure you capturing the right place where the traffic leaving from network to get more visibility.</P> <P>if the VLAN you need to add all VLANs - post the configuraiton you configured.</P> <P>&nbsp;</P> <P>or refer below guide :</P> <P>&nbsp;</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_55_se/configuration/guide/3750xscg/swspan.html" target="_blank">https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_55_se/configuration/guide/3750xscg/swspan.html</A></P> <P>&nbsp;</P> Thu, 25 Feb 2021 12:12:06 GMT https://community.cisco.com/t5/network-security/catalyst-2960-config-for-wireshark-capture/m-p/4297573#M1078799 balaji.bandi 2021-02-25T12:12:06Z https://community.cisco.com/t5/network-security/catalyst-2960-config-for-wireshark-capture/m-p/4297581#M1078801 <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <PRE>Switch(config)# no monitor session 1 Switch(config)# monitor session 1 source interface gigabitethernet0/1 Switch(config)# monitor session 1 destination interface gigabitethernet0/2 encapsulation replicate Switch(config)# end ! Switch(config)# no monitor session 1 source interface gigabitethernet0/1 Switch(config)# end ! </PRE> <PRE>Embedded packet capture The config was something like: (config mode) ip access-list extended mycapf permit ip host xx.xx.xx.xx any permit ip any host xx.xx.xx.xx (enable mode) monitor capture mycap buffer size 2 circular monitor capture mycap access-list mycapf monitor capture mycap interface Te1/1/1 monitor capture mycap start </PRE> <P>&nbsp;<A href="https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-embedded-packet-capture/116045-productconfig-epc-00.html" target="_self">here</A> this link help you as its an example</P> Thu, 25 Feb 2021 12:32:57 GMT https://community.cisco.com/t5/network-security/catalyst-2960-config-for-wireshark-capture/m-p/4297581#M1078801 Sheraz.Salim 2021-02-25T12:32:57Z