Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
726
Views
0
Helpful
5
Replies

Switch Port Mirroring Problem

sureshkumaar13
Level 1
Level 1

‎02-03-2014 03:30 AM - edited ‎03-07-2019 05:57 PM

Hi,

Configured port mirroring in Cisco 6509E, but unable to see and capture trafffic of protocols like ssh, telnet, ftp, tftp and so on.

The setup is like this configured source on the port of 6509 switch connecting to asa and going outside( port gig2/24), destination at inside one port of the switch and using webscense app for capturing (port gig2/14).

This is the IOS we are using -- s72033_rp Software (s72033_rp-IPSERVICESK9_WAN-VM), Version 12.2(33)SXH5.

The below are the confoiguration used.

1. monitor session 1 source int giga ethernet 2/24

2. monitor session 1 destination giga ethernet 2/14

Kindly help me resolving the problem.

Thanks & regards

Suresh Kumar Balakrishnan


Labels:
0 Helpful
5 Replies 5

John Blakley
VIP Alumni
VIP Alumni

‎02-03-2014 03:54 AM

Using websense app for a destination? You're probably going to want to look at wccp..

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
0 Helpful

sureshkumaar13
Level 1
Level 1
In response to John Blakley

‎02-17-2014 03:12 AM

Hi Mr. John,

You mean to say port mirroring will not work.

Also if wccp is the solution, kindly request sample configuration or link for that.

Thanks & Regards

Suresh Kumar

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to sureshkumaar13

‎02-17-2014 05:46 AM

Suresh

It depends on what you are trying to do. If you are trying to redirect http traffic to a proxy server for example then WCCP is the way to go although i have never used it before.

If you simply want to see what traffic is leaving the gi2/24 port towards the ASA then port mirroring is the answer but you need to use a packet capturing tool to see the traffic.

So which do you actually want to do ?

Jon

0 Helpful

sureshkumaar13
Level 1
Level 1
In response to Jon Marshall

‎02-18-2014 03:27 AM

Hi Jhon,

I want to see the traffic ( using webscense) using port mirroring.

But in my case i am not able to see the traffic like telnet, ssh, ftp, tftp and others using the above two line commands which i mentioned above.

Is there any other specific configuration, kindly help me out.

Thanks & Regards

Suresh Kumar

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to sureshkumaar13

‎02-18-2014 03:31 AM

Suresh

Not familiar with Websense but did a quick search and it seems like it supports tcpdump at the command line.

Is this what you are using ?

Jon

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card