Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1826
Views
5
Helpful
7
Replies

how can I sniff all traffic of all ports in cisco 3560

ehudcarmeli
Level 1
Level 1

‎04-07-2022 02:18 AM

Is it possible to sniff all ports of the switch?

Let's say I am using 20 ports with total traffic of less than 1G (all together) and I want to connect Wireshark to one of the ports and sniff all traffic from all ports, can this be done? any limitation? If this product doesn't support it which can?

 

Thanks, Ehud

Labels:
0 Helpful
7 Replies 7

ehudcarmeli
Level 1
Level 1
In response to Jon Marshall

‎04-07-2022 03:56 AM

Thank you very much Jon !
Assuming I will use it to monitor physical ports "

For EtherChannel sources, you can monitor traffic for the entire EtherChannel or individually on a physical port as it participates in the port-channel"

will I be able to span all 20+ ports into one port?

 

Thanks, Ehud

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to ehudcarmeli

‎04-07-2022 04:09 AM

 

Yes, if you read the document it does say you can span all ports on the switch. 

 

Jon

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎04-07-2022 05:47 AM - edited ‎04-07-2022 05:48 AM

yes it does :

monitor session session_number source {interface interface-id | vlan vlan-id} [, | -] [both | rx | tx]

Specify the SPAN session and the source port (monitored port).

For session_number, the range is 1 to 66.

For interface-id, specify the source port or source VLAN to monitor.

 

For source interface-id, specify the source port to monitor. Valid interfaces include physical interfaces and port-channel logical interfaces (port-channel port-channel-number). Valid port-channel numbers are 1 to 48.


 

For vlan-id, specify the source VLAN to monitor. The range is 1 to 4094 (excluding the RSPAN VLAN).

Note

 

A single session can include multiple sources (ports or VLANs), defined in a series of commands, but you cannot combine source ports and source VLANs in one session.

(Optional) [, | -] Specify a series or range of interfaces. Enter a space before and after the comma; enter a space before and after the hyphen.

(Optional) Specify the direction of traffic to monitor. If you do not specify a traffic direction, the SPAN monitors both sent and received traffic.


 

both—Monitor both received and sent traffic. This is the default.


 

rx—Monitor received traffic.


 

tx—Monitor sent traffic.

Note


 

You can use the monitor session session_number source command multiple times to configure multiple source ports.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

S Kumar
Level 1
Level 1

‎04-07-2022 02:28 PM

Lets say you connected the Wireshark at port # 24 and you want to sniff from port # 1 thru 23.

 

monitor session 1 source interface Gi1/0/1 - 23
monitor session 1 destination interface Gi1/0/24
0 Helpful

Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to S Kumar

‎04-07-2022 03:29 PM

My read of the documentation would be, you'll need to:

monitor session 1 source interface Gi1/0/1
monitor session 1 source interface Gi1/0/2
.
.
monitor session 1 source interface Gi1/0/23
monitor session 1 destination interface Gi1/0/24

balaji.bandi
Hall of Fame
Hall of Fame
In response to S Kumar

‎04-07-2022 07:39 PM

Unfortunately there is no range command works for source ports

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents