By default, when you plug a Sniffer into a switch you will only see
broadcast traffic for the VLAN that the physical port you are plugged into
is a member of.  You are however able to "span" ports or VLANs.  That is,
you are able to "span" an entire VLAN or individual ports to a "monitor"
port.

This is accomplished with the "span" command on a 6000 or 5000 series Cisco
switch.  I don't remember the exact syntax for 2900 and 3500 series off the
top of my head.

After implementing the span, all traffic for the VLAN or port you are
spanning to the monitor port will be visible to the Sniffer.  The Sniffer is
of course plugged into the monitor port.

Hope this helps...

Chris Lemagie

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
NetEng
Sent: Wednesday, March 21, 2001 1:46 PM
To: [EMAIL PROTECTED]
Subject: Whew! Can you smell that VLan?


We have had a pissing match lately and here's the details. One person states
that a VLan can not be sniffed because it is on a different subnet. The
other person says it can because it's physically on the same switch. I think
you can to a point. Here's what I mean; let's say we have a 3524 with two
Vlans, VLAN1 (we'll call it InfoSys), and VLAN2 (called HR). If I have a
sniffer running on InfoSys, I should be able to sniff traffic on my subnet
as well as traffic from HR to InfoSys (i.e. HR employee accessing mail server
on InfoSys), right? The only difference is that the source MAC address would
change. I should not be able to sniff traffic local to HR (i.e. an employee
accessing accounting software) right? What's the rub?




_________________________________
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
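
The visibility rules discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of a VLAN-aware learning switch, showing what a sniffer port in the InfoSys VLAN receives with and without a span of the HR VLAN. Port numbers, MAC names and frame labels are constructed, and the model ignores routing between VLANs.

```python
from collections import defaultdict

BCAST = "ff:ff:ff:ff:ff:ff"

class Switch:
    """Toy layer-2 switch: per-VLAN MAC learning, flooding, optional VLAN span."""
    def __init__(self, port_vlan):
        self.port_vlan = port_vlan        # port -> VLAN id
        self.mac_table = {}               # (vlan, mac) -> port
        self.span = {}                    # monitor port -> set of spanned VLANs
        self.seen = defaultdict(list)     # port -> labels of frames delivered

    def add_span(self, src_vlan, monitor_port):
        self.span.setdefault(monitor_port, set()).add(src_vlan)

    def receive(self, in_port, src, dst, label):
        vlan = self.port_vlan[in_port]
        self.mac_table[(vlan, src)] = in_port            # learn the source MAC
        out = self.mac_table.get((vlan, dst))
        if dst == BCAST or out is None:
            # Broadcast or unknown unicast: flood, but only inside the VLAN.
            targets = {p for p, v in self.port_vlan.items()
                       if v == vlan and p != in_port}
        else:
            targets = {out} - {in_port}                  # known unicast: one port
        # A span copies every frame of the source VLAN to the monitor port.
        targets |= {m for m, vlans in self.span.items() if vlan in vlans}
        for port in sorted(targets):
            self.seen[port].append(label)

def sniffer_view(span_hr):
    # Constructed layout: ports 1-3 in VLAN 1 (InfoSys), ports 4-5 in VLAN 2 (HR).
    # The sniffer sits on port 3. Assumption: the monitor port stays in VLAN 1.
    sw = Switch({1: 1, 2: 1, 3: 1, 4: 2, 5: 2})
    if span_hr:
        sw.add_span(src_vlan=2, monitor_port=3)
    sw.receive(1, "mac-A", BCAST, "InfoSys broadcast")
    sw.receive(2, "mac-B", "mac-A", "InfoSys unicast B->A")
    sw.receive(4, "mac-C", BCAST, "HR broadcast")
    sw.receive(5, "mac-D", "mac-C", "HR unicast D->C")
    return sw.seen[3]

if __name__ == "__main__":
    print("no span :", sniffer_view(False))
    print("span HR :", sniffer_view(True))
```

Without the span the sniffer receives only the broadcast from its own VLAN; the known-unicast frame between two other InfoSys ports never reaches it, and nothing from HR does either.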
