nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Sniff my switch up

cisco_dog

Hi,

Out of curiosity I want to capture VLAN tagged frames and VTP traffic between switches. Whats the best way to go about this? Buy a hub, plug both switches and my PC into it and capture (possibily in promiscuous mode) on the old PC or is there a simpler way. Is it even possible?

As a side note, page 23 of Odom, ICND2, Third edition, shouldnt the line

Can use extended-range VLANs (1006 - 4095) actually say 4094?

Many thanks for any help.

P

Find more posts tagged with

SAVE $250 on Your CISCO Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CISCO Boot Camps

Comments

wes allen

A hub will work, or if you have some cabling gear, you can make a tap - a little ways down the page: CaptureSetup/Ethernet - The Wireshark Wiki

Iristheangel

It depends on the kind of switch you have. If you have a switch that has the ability, you could always just configure a SPAN port and connect the SPAN port to your computer's NIC that's running in promiscuous mode. Here are the instructions on configuring SPAN: Catalyst Switched Port Analyzer (SPAN) Configuration Example - Cisco Systems

wes allen

I am not sure, but I thought there are some issues with using port mirroring and vlan tagging? Or you can't see something or other? That said, I mostly use port mirroring because I don't have a TAP, but I am usually just looking for conversations on a port without vlan tagging.

Older article, buy has some info.
SPAN Port or TAP? CSO Beware (by Tim O

Iristheangel

Trunk the SPAN port and you should be able to see vlan tagging.
https://supportforums.cisco.com/thread/343307

wes allen

Cool, that is good to know.

I really need to make a tap and set up a dual NIC micropc for sniffer duty, or just suck it up and buy one of the commercial taps that combine traffic to a single port. Anyone have a dual NIC laptop setup?

chaser7783

wes allen wrote: »

Cool, that is good to know.

I really need to make a tap and set up a dual NIC micropc for sniffer duty, or just suck it up and buy one of the commercial taps that combine traffic to a single port. Anyone have a dual NIC laptop setup?

That is what I did for my NMS box, went to home depot and spent 15$ to make a passive tap. Has 3 network ports line in, line out and the port I used to sniff the data.

cisco_dog

My internet has been down since I asked this, many thanks for all the advice.