The musings of an IT Consultant

Jul 31 2009   8:43PM GMT

Sniffing traffic on a Cisco switch

Raj Perumal Raj Perumal Profile: Raj Perumal

Hello again folks, so if you’ve been in networking long enough you’ve probably ran into issues where you just wish you could look right at the network traffic. As I’ve posted before, one of the best ways to do this is to use a packet sniffer such as the old Ethereal, or the new Wireshark.

Wireshark uses WinPcap to capture the packets and display them to you in realtime on your screen so you can view what’s going on in your network. But how do you get the packets on your switch to come to your laptop in the first place? You do this by implementing Port Span on a Cisco switch. Span stands for Switched Port Analyzer and what it does is mirrors all of the traffic from a source port to a destination port you specify.

This can be of great use when troubleshooting traffic flows through a switch. Just the other day I was troubleshooting some traffic flow through a trunked etherchannel interface and I needed to find out what was going on with one of the vlans. By using SPAN I was able to get to the root of the problem quite quickly.

More on how to implement it here.


 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: