Analyzing the traffic on a network segment is a common interest and goal of network administrators, network security engineers, and system administrators. A switch creates private virtual connections between the hosts attached to it, so a host on one port does not normally see the traffic exchanged between other ports. To analyze all the traffic on a VLAN, you need to 'mirror' it, or in Cisco parlance, 'SPAN' a port: the traffic of all the private virtual connections between ports belonging to a given VLAN is mirrored, or 'span'ned, to a designated port on the switch. Typically, you'd connect an IDS or a system running a sniffer/traffic analyzer to the 'span'ned port.
Create the span session, mirroring VLAN 1 to interface gi0/44 (entered in global configuration mode):
# monitor session 1 source vlan 1
# monitor session 1 destination interface gi0/44
Show the configured span sessions:
# show monitor
To terminate the span:
# no monitor session 1
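As an added example (not part of the original post), a small Python script that parses the output of `show monitor` and checks that the session really mirrors the intended VLAN to the intended port, with ingress forwarding left disabled so the sniffer host cannot inject frames into the VLAN. The sample output is constructed in the style of Catalyst IOS and is not captured from a real switch.

```python
import re
# Constructed `show monitor` output (Catalyst IOS style) for the session above; it is an illustration, not real output.
SAMPLE_SHOW_MONITOR = """\
Session 1
Source VLANs           :
    Both               : 1
Destination Ports      : Gi0/44
          Ingress      : Disabled
"""

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '1-3,10' into [1, 2, 3, 10]."""
    vlans = []
    for part in filter(None, spec.split(",")):
        lo, _, hi = part.strip().partition("-")
        vlans.extend(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_show_monitor(text):
    """Parse `show monitor` output into {session_id: {source_vlans, destination_ports, ingress}}."""
    sessions, cur, in_vlans = {}, None, False
    for line in text.splitlines():
        m = re.match(r"Session (\d+)", line)
        if m:
            cur = sessions.setdefault(int(m.group(1)), {"source_vlans": {}, "destination_ports": [], "ingress": None})
            continue
        if cur is None or ":" not in line:
            continue
        key, _, value = (s.strip() for s in line.partition(":"))
        if not line.startswith(" "):   # a top-level field ends the indented Source VLANs sub-list
            in_vlans = key == "Source VLANs"
        if key == "Destination Ports":
            cur["destination_ports"] = [p.strip() for p in value.split(",") if p.strip()]
        elif in_vlans and key in ("Both", "RX Only", "TX Only"):
            cur["source_vlans"][key] = expand_vlans(value)
        elif key == "Ingress":
            cur["ingress"] = value
    return sessions

def check_span(sessions, session_id, vlan, dest_port):
    """Return the problems found with the expected session; an empty list means it is set up as intended."""
    s, problems = sessions.get(session_id), []
    if s is None:
        return [f"session {session_id} is not configured"]
    if vlan not in s["source_vlans"].get("Both", []):
        problems.append(f"VLAN {vlan} is not mirrored in both directions")
    if dest_port.lower() not in [p.lower() for p in s["destination_ports"]]:
        problems.append(f"{dest_port} is not a destination port")
    if (s["ingress"] or "").lower() not in ("", "disabled"):
        problems.append("ingress enabled: the sniffer host could inject frames into the VLAN")
    return problems
```

Running `check_span(parse_show_monitor(output), 1, 1, "gi0/44")` against the output of a real switch returns an empty list when the session above is in place.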
If you're really serious about analyzing traffic, especially in large volumes, you'd want to buy a "network tap". Here is a little more detail. Here's a tap reseller.