Hi,I think you want to

martlee2 · ‎10-23-2015

i use the same vlan , i can not get things in tcpdump

i can only use different vlan and monitor to get things from tcpdump,

as i see that the monitor port can not be pingable and i guess it do not accept packet

i see that IPS can do TCP reset in monitor case,

i can find the sequence number in monitor with c program, however

how to send tcp reset for the tcp session in another vlan?

ubuntu A ---------- f1/0 Switch f1/1 --------- ubuntu B

conf t
snmp-server community rkey1 ro
snmp-server enable traps
end
conf t
hostname Switch1
vlan 10
int vlan 10
ip address 192.168.1.254 255.255.255.0
end
conf t
vlan 12
int vlan 12
ip address 192.168.2.254 255.255.255.0
end
conf t
int fa1/0
switchport
switchport access vlan 12
switchport mode access
no shut
end
conf t
int fa1/1
switchport
switchport access vlan 10
switchport mode access
no shut
end
conf t
line vty 0 4
password cisco
login
end
conf t
monitor session 1 source interface fa1/1
monitor session 1 destination interface fa1/0
end

Ashish · ‎10-27-2015

Hi,

I think you want to enable ingress traffic on the destination port. You can use the following configuration,
monitor session session_numberdestination interface interface-id[encapsulation {dot1q}] [ingress vlanvlan id]

Check the following link,
Creating a SPAN Session and Enabling Ingress Traffic
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2940/software/release/12-1_19_ea1/configuration/guide/2940scg_1/swspan.html#wp1218090

Thanks

how to accept packet in the port which is destination of monitor?