Sniff my switch up
cisco_dog
Member Posts: 24 ■□□□□□□□□□
in CCNA & CCENT
Hi,
Out of curiosity I want to capture VLAN tagged frames and VTP traffic between switches. Whats the best way to go about this? Buy a hub, plug both switches and my PC into it and capture (possibily in promiscuous mode) on the old PC or is there a simpler way. Is it even possible?
As a side note, page 23 of Odom, ICND2, Third edition, shouldnt the line
Can use extended-range VLANs (1006 - 4095) actually say 4094?
Many thanks for any help.
P
Out of curiosity I want to capture VLAN tagged frames and VTP traffic between switches. Whats the best way to go about this? Buy a hub, plug both switches and my PC into it and capture (possibily in promiscuous mode) on the old PC or is there a simpler way. Is it even possible?
As a side note, page 23 of Odom, ICND2, Third edition, shouldnt the line
Can use extended-range VLANs (1006 - 4095) actually say 4094?
Many thanks for any help.
P
Comments
-
wes allen
Member Posts: 540 ■■■■■□□□□□
A hub will work, or if you have some cabling gear, you can make a tap - a little ways down the page: CaptureSetup/Ethernet - The Wireshark Wiki
-
Iristheangel
Mod Posts: 4,133 Mod
It depends on the kind of switch you have. If you have a switch that has the ability, you could always just configure a SPAN port and connect the SPAN port to your computer's NIC that's running in promiscuous mode. Here are the instructions on configuring SPAN: Catalyst Switched Port Analyzer (SPAN) Configuration Example - Cisco Systems -
wes allen
Member Posts: 540 ■■■■■□□□□□
I am not sure, but I thought there are some issues with using port mirroring and vlan tagging? Or you can't see something or other? That said, I mostly use port mirroring because I don't have a TAP, but I am usually just looking for conversations on a port without vlan tagging.
Older article, buy has some info.
SPAN Port or TAP? CSO Beware (by Tim O -
Iristheangel
Mod Posts: 4,133 Mod
Trunk the SPAN port and you should be able to see vlan tagging.
https://supportforums.cisco.com/thread/343307 -
wes allen
Member Posts: 540 ■■■■■□□□□□
Cool, that is good to know.
I really need to make a tap and set up a dual NIC micropc for sniffer duty, or just suck it up and buy one of the commercial taps that combine traffic to a single port. Anyone have a dual NIC laptop setup? -
chaser7783
Member Posts: 154
Cool, that is good to know.
I really need to make a tap and set up a dual NIC micropc for sniffer duty, or just suck it up and buy one of the commercial taps that combine traffic to a single port. Anyone have a dual NIC laptop setup?
That is what I did for my NMS box, went to home depot and spent 15$ to make a passive tap. Has 3 network ports line in, line out and the port I used to sniff the data. -
cisco_dog
Member Posts: 24 ■□□□□□□□□□
My internet has been down since I asked this, many thanks for all the advice.
