Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3282
Views
0
Helpful
3
Replies

Sniffing Packet over VLAN

normanzhang
Level 1
Level 1

‎08-13-2004 09:37 AM - edited ‎03-02-2019 05:45 PM

Hi,

I'm wondering can packet sniffer like ethereal capture packets in different VLAN, if ip routing is enabled on the switch?

Regards,

Norman

Labels:
0 Helpful
3 Replies 3

pmajumder
Level 3
Level 3

‎08-13-2004 09:52 AM

Hello,

I don't believe it can, unless you span the other VLAN to the port the Ethereal PC (or other packet sniffer products) is connected to.

Regards

Pradeep

0 Helpful

dnewell24
Level 1
Level 1

‎08-13-2004 12:17 PM

If your goal is to see incoming traffic enter one VLAN, be routed, and come out another VLAN then the answer is no. The SPAN feature can monitor multiple VLANs but only incoming traffic for those VLANs.

If you knew the specific ports the traffic flow will go through you can span incoming and outgoing traffic on ports. For this to work you would have to setup multiple sessions. Because SPAN can monitor outgoing traffic on a single port; but cannot monitor outgoing traffic on multiple ports. To get around the setup two sessions with the same destination ports and the diffrent source ports.

Here is a link the covers SPAN

http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a00801ce0bc.html#1036816

0 Helpful

peter.mainwaring
Level 1
Level 1
In response to dnewell24

‎08-14-2004 01:55 AM

I sometimes SPAN the Gigabit uplink to a 100mbps port to capture traffic on multiple VLANs from a switch (luckily, our Gig port always runs at less than 10%). That works fine, but of course you will have a problem if your Gig ports are busy.

Also, on our 2950's, if I go into config mode and do a help on the "Monitor Session Source" command, I get the following :-

e1-isd-1(config)#mon sess 1 sou int f0/1 ?

, Specify another range of interfaces

- Specify a range of interfaces

both Monitor received and transmitted traffic

rx Monitor received traffic only

tx Monitor transmitted traffic only

The "Specify a range of interfaces" parameter would seem to suggest that you can specify a number of source ports. I've never tried it yet though - must give it a go sometime.

Pete

0 Helpful
Customers Also Viewed These Support Documents