03-23-2017 08:22 PM - edited 03-08-2019 09:53 AM
Based on the image, is it possible to monitor the traffic to and from 6500?
03-23-2017 09:28 PM
Hi John,
Yes, it is possible, you can monitor an interface trunk and filter the vlans that you want to monitor.
example:
monitor session 1 source interfae g0/1 both
monitor session 1 filter vlan 10 , 35 , 101 , 456 <-- useful to monitor specific vlans otherwise it will monitor all the traffic
monitor session 1 destination interface g0/2
Hope it is useful
:-)
03-24-2017 10:51 AM
Julio my man! You're just too awesome! I wish there's CCIE fellas out here who are as helpful as you!
BTW That filter would specify what VLAN you wanted to monitor, is that correct?
03-24-2017 11:00 AM
Lol, Thank you my friend, your words are really appreciated, the learning time never ends. :-)
About the question, you are correct, usually we are forwarding every vlan through a trunk interface when no filtering or pruning is made on it (switchport trunk allowed vlan A,B,C). So, in order to avoid unnecessary traffic over the sniffer you can specify the vlans that you really want to monitor only.
:-)
03-24-2017 11:19 AM
Got it! Again thank you! At least using wshark would help me what addresses are communicating to and from host machines.
Now reading packets is a totally different ballgame for me I'm wayyyy far from able to understand that ^_^
03-24-2017 11:25 AM
Yeap, Wireshark is a powerful tool for sniffing.
:-)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide