RE: Port Spanning (Monitoring) [7:73320]
Hi stevo, I am assuming that the router's working ethernet interface would be connected to some interface on a switch, so won't it be a better idea to monitor that switch port, rather than trying to monitor router interface. HTH Vikram -Original Message- From: Stevo [mailto:[EMAIL PROTECTED] Sent: Friday, August 01, 2003 3:15 AM To: [EMAIL PROTECTED] Subject: Port Spanning (Monitoring) [7:73320] Hey all, I have a 3640 router with 2 ethernet interfaces (I'm only using 1 of them) - I'd like to connect a sniffer up to the unused ethernet interface and monitor the traffic from the other interface. Is this possible on a router?? Stevo Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73336t=73320 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Port Spanning (Monitoring) [7:73320]
It would be useful if the IOS guys added this facility. Specially for monitoring ATM interfaces (sniffer ATM modules are really expensive). Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73348t=73320 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Port Spanning (Monitoring) [7:73320]
I don't think that is logically possible. How are you going to span ATM cells onto Ethernet frames? A MUCH better facility would be to specify a chunk of memory and do a packet capture, which could be filtered with an ACL and downloaded with FTP or TFTP (either from or to an IOS box would be acceptable to me). Then you could look at actual ATM cells, given a decoder that understood them... Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer. -Original Message- From: alaerte Vidali [mailto:[EMAIL PROTECTED] Sent: Friday, August 01, 2003 11:00 AM To: [EMAIL PROTECTED] Subject: RE: Port Spanning (Monitoring) [7:73320] It would be useful if the IOS guys added this facility. Specially for monitoring ATM interfaces (sniffer ATM modules are really expensive). Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73359t=73320 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com
RE: Port Spanning (Monitoring) [7:73320]
Did I miss a post? Where did ATM and Ethernet come into this? I thought we were talking about 3600 Ethernet interfaces, not network modules... I don't know what type of traffic you're looking to sniff - obviously layer 2 since we're talking frames vs. cells, ATM vs. Ethernet, but if you're looking to MONitor a traffic from a non-source, non-destination workstation, wouldn't that indicate an RMON probe like NI's Observer? Using an RMON probe wouldn't require you to occupy the other router interface, just connected to that network on the switch or hub... Bill Creighton CCNP Network Design Engineer, eVPN ATT Business Service Delivery NSPM 231 Martingale Road, Suite 800 Schaumburg, IL 60173-2008 Office: 847-407-4108 Fax: 847-598-6400 Mobile:630-290-7000 [EMAIL PROTECTED] -Original Message- From: Reimer, Fred [mailto:[EMAIL PROTECTED] Sent: Friday, August 01, 2003 11:32 AM To: [EMAIL PROTECTED] Subject: RE: Port Spanning (Monitoring) [7:73320] I don't think that is logically possible. How are you going to span ATM cells onto Ethernet frames? A MUCH better facility would be to specify a chunk of memory and do a packet capture, which could be filtered with an ACL and downloaded with FTP or TFTP (either from or to an IOS box would be acceptable to me). Then you could look at actual ATM cells, given a decoder that understood them... Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer. -Original Message- From: alaerte Vidali [mailto:[EMAIL PROTECTED] Sent: Friday, August 01, 2003 11:00 AM To: [EMAIL PROTECTED] Subject: RE: Port Spanning (Monitoring) [7:73320] It would be useful if the IOS guys added this facility. Specially for monitoring ATM interfaces (sniffer ATM modules are really expensive). **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73364t=73320 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com
RE: Port Spanning (Monitoring) [7:73320]
Don't ask me how ATM got into it. Someone said they would like the ability to SPAN ATM traffic, and I just can't figure out how that would be possible. Even if we are talking about SPANning between Ethernet interfaces I still believe that a packet capture facility would be useful... Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer. -Original Message- From: Creighton, Bill, NSPM [mailto:[EMAIL PROTECTED] Sent: Friday, August 01, 2003 1:32 PM To: [EMAIL PROTECTED] Subject: RE: Port Spanning (Monitoring) [7:73320] Did I miss a post? Where did ATM and Ethernet come into this? I thought we were talking about 3600 Ethernet interfaces, not network modules... I don't know what type of traffic you're looking to sniff - obviously layer 2 since we're talking frames vs. cells, ATM vs. Ethernet, but if you're looking to MONitor a traffic from a non-source, non-destination workstation, wouldn't that indicate an RMON probe like NI's Observer? Using an RMON probe wouldn't require you to occupy the other router interface, just connected to that network on the switch or hub... Bill Creighton CCNP Network Design Engineer, eVPN ATT Business Service Delivery NSPM 231 Martingale Road, Suite 800 Schaumburg, IL 60173-2008 Office: 847-407-4108 Fax: 847-598-6400 Mobile:630-290-7000 [EMAIL PROTECTED] -Original Message- From: Reimer, Fred [mailto:[EMAIL PROTECTED] Sent: Friday, August 01, 2003 11:32 AM To: [EMAIL PROTECTED] Subject: RE: Port Spanning (Monitoring) [7:73320] I don't think that is logically possible. How are you going to span ATM cells onto Ethernet frames? A MUCH better facility would be to specify a chunk of memory and do a packet capture, which could be filtered with an ACL and downloaded with FTP or TFTP (either from or to an IOS box would be acceptable to me). Then you could look at actual ATM cells, given a decoder that understood them... Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer. -Original Message- From: alaerte Vidali [mailto:[EMAIL PROTECTED] Sent: Friday, August 01, 2003 11:00 AM To: [EMAIL PROTECTED] Subject: RE: Port Spanning (Monitoring) [7:73320] It would be useful if the IOS guys added this facility. Specially for monitoring ATM interfaces (sniffer ATM modules are really expensive). **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73368t=73320 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com
Re: Port Spanning (Monitoring) [7:73320]
I wanted to span the port so I could attach an IDS sensor to it to monitor the traffic entering / leaving my network. Reimer, Fred wrote in message news:[EMAIL PROTECTED] Don't ask me how ATM got into it. Someone said they would like the ability to SPAN ATM traffic, and I just can't figure out how that would be possible. Even if we are talking about SPANning between Ethernet interfaces I still believe that a packet capture facility would be useful... Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer. -Original Message- From: Creighton, Bill, NSPM [mailto:[EMAIL PROTECTED] Sent: Friday, August 01, 2003 1:32 PM To: [EMAIL PROTECTED] Subject: RE: Port Spanning (Monitoring) [7:73320] Did I miss a post? Where did ATM and Ethernet come into this? I thought we were talking about 3600 Ethernet interfaces, not network modules... I don't know what type of traffic you're looking to sniff - obviously layer 2 since we're talking frames vs. cells, ATM vs. Ethernet, but if you're looking to MONitor a traffic from a non-source, non-destination workstation, wouldn't that indicate an RMON probe like NI's Observer? Using an RMON probe wouldn't require you to occupy the other router interface, just connected to that network on the switch or hub... Bill Creighton CCNP Network Design Engineer, eVPN ATT Business Service Delivery NSPM 231 Martingale Road, Suite 800 Schaumburg, IL 60173-2008 Office: 847-407-4108 Fax: 847-598-6400 Mobile:630-290-7000 [EMAIL PROTECTED] -Original Message- From: Reimer, Fred [mailto:[EMAIL PROTECTED] Sent: Friday, August 01, 2003 11:32 AM To: [EMAIL PROTECTED] Subject: RE: Port Spanning (Monitoring) [7:73320] I don't think that is logically possible. How are you going to span ATM cells onto Ethernet frames? A MUCH better facility would be to specify a chunk of memory and do a packet capture, which could be filtered with an ACL and downloaded with FTP or TFTP (either from or to an IOS box would be acceptable to me). Then you could look at actual ATM cells, given a decoder that understood them... Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer. -Original Message- From: alaerte Vidali [mailto:[EMAIL PROTECTED] Sent: Friday, August 01, 2003 11:00 AM To: [EMAIL PROTECTED] Subject: RE: Port Spanning (Monitoring) [7:73320] It would be useful if the IOS guys added this facility. Specially for monitoring ATM interfaces (sniffer ATM modules are really expensive). **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73391t=73320 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Port Spanning (Monitoring) [7:73320]
Look into IOS bridging. You would then see layer 2 broadcasts (not unicasts) come through the router. This is true regardless of whether or not the actual switch on port 1 is a span port or not. Even if the first router port (connected to the network) is on a switch's span port, the layer 2 bridge (done in ios by the router) still cant forward all traffic thru (like cat6 rspan). The routers dont have a span like way of doing this. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73326t=73320 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
