Posted by: Raj Perumal
Cisco, Packet Sniffing, Port SPAN, switched port analyzer, Wireshark
Hello again folks, so if you’ve been in networking long enough you’ve probably ran into issues where you just wish you could look right at the network traffic. As I’ve posted before, one of the best ways to do this is to use a packet sniffer such as the old Ethereal, or the new Wireshark.
Wireshark uses WinPcap to capture the packets and display them to you in realtime on your screen so you can view what’s going on in your network. But how do you get the packets on your switch to come to your laptop in the first place? You do this by implementing Port Span on a Cisco switch. Span stands for Switched Port Analyzer and what it does is mirrors all of the traffic from a source port to a destination port you specify.
This can be of great use when troubleshooting traffic flows through a switch. Just the other day I was troubleshooting some traffic flow through a trunked etherchannel interface and I needed to find out what was going on with one of the vlans. By using SPAN I was able to get to the root of the problem quite quickly.
More on how to implement it here.