Sniff my switch up

cisco_dog Member Posts: 24
Hi,

Out of curiosity I want to capture VLAN tagged frames and VTP traffic between switches. What's the best way to go about this? Buy a hub, plug both switches and my PC into it and capture (possibly in promiscuous mode) on the old PC, or is there a simpler way? Is it even possible?

As a side note, page 23 of Odom, ICND2, Third edition, shouldn't the line

Can use extended-range VLANs (1006 - 4095) actually say 4094?

Many thanks for any help.

P

Comments

  • wes allen Member Posts: 540
    A hub will work, or if you have some cabling gear, you can make a tap - a little ways down the page: CaptureSetup/Ethernet - The Wireshark Wiki
  • Iristheangel Mod Posts: 4,133 Mod
    It depends on the kind of switch you have. If you have a switch that has the ability, you could always just configure a SPAN port and connect the SPAN port to your computer's NIC that's running in promiscuous mode. Here are the instructions on configuring SPAN: Catalyst Switched Port Analyzer (SPAN) Configuration Example - Cisco Systems
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • wes allen Member Posts: 540
    I am not sure, but I thought there are some issues with using port mirroring and vlan tagging? Or you can't see something or other? That said, I mostly use port mirroring because I don't have a TAP, but I am usually just looking for conversations on a port without vlan tagging.

    Older article, but has some info.
    SPAN Port or TAP? CSO Beware (by Tim O
  • Iristheangel Mod Posts: 4,133 Mod
    Trunk the SPAN port and you should be able to see vlan tagging.
    https://supportforums.cisco.com/thread/343307
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • wes allen Member Posts: 540
    Cool, that is good to know.

    I really need to make a tap and set up a dual NIC micropc for sniffer duty, or just suck it up and buy one of the commercial taps that combine traffic to a single port. Anyone have a dual NIC laptop setup?
  • chaser7783 Member Posts: 154
    wes allen wrote: »
    Cool, that is good to know.

    I really need to make a tap and set up a dual NIC micropc for sniffer duty, or just suck it up and buy one of the commercial taps that combine traffic to a single port. Anyone have a dual NIC laptop setup?

    That is what I did for my NMS box, went to Home Depot and spent $15 to make a passive tap. Has 3 network ports: line in, line out and the port I used to sniff the data.
  • cisco_dog Member Posts: 24
    My internet has been down since I asked this, many thanks for all the advice.
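
Added example, not written by any poster in this thread: a small Python decoder for frames captured from a trunked SPAN port or a tap, showing where the 802.1Q tag sits and how a VTP frame is recognised by its Cisco multicast destination and SNAP header. The frames are constructed sample data, and `parse_frame`, `make_frame` and `SAMPLES` are hypothetical names.

```python
import struct

VTP_DST = bytes.fromhex("01000ccccccc")       # Cisco multicast used by CDP/VTP/DTP
SNAP_VTP = bytes.fromhex("aaaa0300000c2003")  # LLC/SNAP: OUI 00:00:0C, PID 0x2003 (VTP)

def parse_frame(frame: bytes) -> dict:
    """Decode one Ethernet frame: 802.1Q tag fields (if present) and a VTP flag."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    dst = frame[0:6]
    (type_len,) = struct.unpack("!H", frame[12:14])
    info = {"dst": dst.hex(":"), "tagged": False, "pcp": None,
            "vlan": None, "vlan_reserved": False, "vtp": False}
    offset = 14
    if type_len == 0x8100:                    # 802.1Q TPID: 4-byte tag follows the MACs
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, type_len = struct.unpack("!HH", frame[14:18])
        vid = tci & 0x0FFF                    # 12-bit VLAN ID
        # VID 0 (priority tag) and 4095 are reserved, so usable IDs are 1-4094
        info.update(tagged=True, pcp=tci >> 13, vlan=vid,
                    vlan_reserved=vid in (0, 0x0FFF))
        offset = 18
    # A value <= 1500 is an 802.3 length, so an LLC/SNAP header comes next
    if type_len <= 1500 and dst == VTP_DST:
        info["vtp"] = frame[offset:offset + 8] == SNAP_VTP
    return info

def make_frame(dst, payload, tci=None, ethertype=None) -> bytes:
    """Build a constructed sample frame (test data, not a real capture)."""
    src = bytes.fromhex("020000000001")       # locally administered, made up
    tag = b"" if tci is None else struct.pack("!HH", 0x8100, tci)
    type_len = len(payload) if ethertype is None else ethertype
    return dst + src + tag + struct.pack("!H", type_len) + payload

# Constructed samples: VTP as seen on a trunked mirror port, VTP untagged,
# and an ordinary IPv4 broadcast tagged for VLAN 20.
VTP_BODY = SNAP_VTP + b"\x02\x01" + bytes(36)
SAMPLES = {
    "vtp_tagged": make_frame(VTP_DST, VTP_BODY, tci=0xE001),
    "vtp_untagged": make_frame(VTP_DST, VTP_BODY),
    "data_vlan20": make_frame(b"\xff" * 6, bytes(46), tci=20, ethertype=0x0800),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(name, parse_frame(frame))
```

If a capture taken from a mirror port decodes every frame as untagged, the tag is being removed before the frame reaches the capture NIC, either on the switch side or by the NIC driver.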