RE: Question on SPAN and monitoring port on the switch

2001-04-04 Thread Keyur Lavingia

The Switch Fabric is designed to send packets across ports based on the MAC
addresses it learnt from the hosts connected to the ports. It does not send
a packet from one port to all the ports like a HUB does. In this case, if you
want to monitor one particular port on the switch, or for that matter, any
number of ports on the switch, you have to connect your RMON probe or your sniffer
or in this case your analyser on one of the ports and then span the ports that
you want to monitor to the port that the RMON/Sniffer/Analyser is connected
to. What this tells the switch to do is that it will start sending a copy
of the packets it receives on the SPANd port to the port on which the
RMON/Sniffer/Analyser is connected. This will let your analyser see all the
packets that are received on those SPANd ports. The basic command to
configure a span port on a set based IOS is

set span  

Let me know if this helps ...


Keyur.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
David spalding
Sent: Wednesday, April 04, 2001 3:09 AM
To: [EMAIL PROTECTED]
Subject: Question on SPAN and monitoring port on the switch


Hi..  I don't understand the instruction from our Cisco consultant.  Can you
pls guide me..  What should I do in more detail about how to run a SPAN or
monitor port on the switch to copy the data to the monitoring port ?  See
below e-mail for more full detail

QQQ
David,
I don't mean install the netmon software on the server as this is likely to
kill the box.

Load it on a spare PC or laptop if you have one - load PC anywhere or
something similar so we could gain access to it. - it should have 10/100mb
card.

Once this is set-up we you can put the analyser in line with the server - or
we run a SPAN or monitor port on the switch to copy the data to the
monitoring port so the netmon analyser can see all the traffic.

Does this make sense ? this way you have an independent analyser - you won't
need to bother audit for that do you ?



_
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
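
Added example, not part of the original thread and not Cisco code: a toy Python model of the behaviour described in the reply above, showing that an analyser port sees only flooded frames until the monitored port is spanned to it. The class, port numbers, MAC addresses and payloads are constructed for illustration, and only the receive direction is mirrored, as the reply describes.

```python
from collections import defaultdict

class LearningSwitch:
    """Toy model of a MAC-learning switch with one SPAN session (hypothetical class)."""

    def __init__(self, ports):
        self.ports = set(ports)
        self.mac_table = {}                 # MAC address -> port it was learnt on
        self.span_sources = set()           # ports being monitored
        self.span_dest = None               # port the analyser is plugged into
        self.delivered = defaultdict(list)  # port -> frames sent out of that port

    def set_span(self, source_ports, dest_port):
        """Mirror frames received on source_ports to dest_port."""
        self.span_sources = set(source_ports)
        self.span_dest = dest_port

    def receive(self, in_port, src_mac, dst_mac, payload):
        self.mac_table[src_mac] = in_port           # learn where the sender lives
        if dst_mac in self.mac_table:               # known unicast: one port only
            out_ports = {self.mac_table[dst_mac]}
        else:                                       # broadcast or unknown: flood
            out_ports = set(self.ports)
        out_ports.discard(in_port)                  # never send back out the ingress port
        if in_port in self.span_sources and self.span_dest is not None:
            out_ports.add(self.span_dest)           # copy of the received frame
        for port in out_ports:
            self.delivered[port].append((src_mac, dst_mac, payload))

def analyser_view(span_enabled):
    """Payloads captured by an analyser on port 4 during a client/server exchange."""
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    if span_enabled:
        sw.set_span(source_ports=[1], dest_port=4)  # monitor the server's port
    server, client = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02"  # constructed MACs
    sw.receive(2, client, "ff:ff:ff:ff:ff:ff", "ARP who-has server")  # flooded
    sw.receive(1, server, client, "ARP reply")
    sw.receive(2, client, server, "login request")
    sw.receive(1, server, client, "login response")
    return [payload for _, _, payload in sw.delivered[4]]

if __name__ == "__main__":
    print("without SPAN:", analyser_view(False))
    print("with SPAN   :", analyser_view(True))
```

Because this model mirrors only frames received on the spanned port, the client's "login request" is still missing from the capture; spanning the client's port as well would add it.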



Re: Question on SPAN and monitoring port on the switch

2001-04-04 Thread Circusnuts

<<  set span   >>

OR

# port monitor   (for IOS based switches).  This is
perfect for a device that uses promiscuous NICs (IDS, Network SwitchProbe,
Sniffers).

http://www.cisco.com/warp/public/473/41.html

Good Luck with your search
Phil




Re: Question on SPAN and monitoring port on the switch

2001-04-04 Thread David spalding

Can it on two different switch but connected ??





RE: Question on SPAN and monitoring port on the switch

2001-04-04 Thread Keyur Lavingia

What do you mean "Can it on two different switch but connected ??"


Can you please clarify your question ???

Keyur.




Re: Question on SPAN and monitoring port on the switch

2001-04-04 Thread David spalding

Sorry..  I mean, can the ports that I want to monitor be switch A's ports while
the port I plug my analyser or PC with network analysis software into is on
another switch, e.g. switch B's port?  They are on different switches, but the
two switches are connected via a trunk link.
Can the switch A ports copy the traffic to the switch B port?


