How to setup Wireshark to Sniff Cisco2960

[skb2005]

Network Setup.

1) Ehternet feed from ISP is connected to our Cisco7206 router.
2) Two interfaces from Cisco7206 are connected to Cisco2960 switch. Both the interfaces have different network/subnets.
3) Three Cisco5400 voip routers are connected to Cisco2960.
4) PC having wireshark installed is also connected on 2960. This PC has 2 NIC's. One is assigned to the local network and physocally connected on the local ethernet-switch. The second NIC is connected on Cisco2950.


We need to sniff the network for VOIP troubleshooting. We need to capture the SIP trace.

I have tried to capture the trace on NIC connected to 2960. I dont see anything other than broadcast-messages.

What I am doing wrong?

 

[jdeisenm]

Assume port 1 on the 2960 is connected to the router
Assume port 24 is for wireshark pc.

to start the monitor
switch(config)#monitor session 1 source int fa0/1
switch(config)#monitor session 1 destination int fa0/24

to stop the monitor
switch(config)#no monitor session 1

some switches multiple sources so you may be able to run

monitor 2 ports at once with one ethereal
switch(config)#monitor session 1 source int fa0/1
switch(config)#monitor session 1 source int fa0/2
switch(config)#monitor session 1 destination int fa0/24

or multiple sessions

session 1
switch(config)#monitor session 1 source int fa0/1
switch(config)#monitor session 1 destination int fa0/24
session 2
switch(config)#monitor session 2 source int fa0/2
switch(config)#monitor session 2 destination int fa0/23

 

[skb2005]

JD,

Thanks for your quick and valuable help. Now I am able to capture the packets.

I have to do a little research on wireshark. It is capturing so many things, The only thing I need is the SIP VOIP call trace.

I will post what I will find but if someone already know, please post it here.


Thanks Again.