Posts Tagged by monitor
Cisco: Configure Port Monitoring on Cisco Switches
| July 4, 2012 | Posted by lillurob under Switch |
Port monitoring is used to copy network traffic to and from a particular port and send the copies to another port. Using port monitoring you can sniff data passing through a port which is extremely useful when troubleshooting applications and networks. This feature was introduced in switches because of the basic differences between hubs and switches. When a hub receives a packet on one port, it sends that packet to all other ports except the port it recieved the packet from. Thus if you would like to analyze the data to and from a particular host connected to the hub all you had to do is to connect a sniffer to a differant port on the hub and start receiving data. On the other hand, switches send packets directly from the source to the destination host. The sniffer, connected to a differant port on the switch, will not see this traffic. This is where port monitoring comes in handy.
scsw1-lj(config)#no monitor session 1 scsw1-lj(config)#monitor session 1 source interface Gi2/9 scsw1-lj(config)#monitor session 1 destination interface Gi3/48 scsw1-lj(config)#interface Gi3/48 scsw1-lj(config-if)#no shutdown
The commands above are pretty self explanatory. Line 1 removes monitoring session 1 if already configured. Lines 2 and 3 define the source and destination port respectively while lines 4 and 5 modify the destination port state from shutdown to no shutdown to start receiving the data.
I usually use Wireshark on the host connected to the destination port to capture the data.
