Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Portable 4.8

Status
Not open for further replies.
cgonan

cgonan

MIS
Feb 23, 2005
39
US
Another newbie.

I just installed the demo portable 4.8 version, on a machine with 2 network cards. I have an environment of Cisco switches. The docs say that this version does not require a mirrored port and traffic can be captureed from an entire vlan on that port. Do I have to setup a SPAN port on the switch? If so, what is the source port?

When I installed the software, I was first prompted for a card, so I chose the on-board interface. It did not say that this was the Transport or Monitor card.

I also do not have snmp enabled on the switch that these network cards are patched into. Does this have to be done?

I am seeing traffic, but only the expected broadcast and multicast traffic.

Any clues to get this working?
Thanks


 
Sort by date Sort by votes
I wrote some helpfull stuff and put it in and FAQ. Check it out.

Transport is the card used to ping/telent and to management functions. Monitor is the card you capture on. They can be the same card and you can do both at the same time. It just depends on your application. Remote sniffer (sniffer distributed) or a sniffer portable running VNC should have 2 nic's with one dedicated to each task.

You don't need SNMP on the switch. You do need to configure it though!

That said, I presume you are the owner of the cisco switch and have console access. Run the command listed in the faq (if you have IOS on your switch. If not, look in the cisco forum.

Once you have your switch configured. Plug your sniffer monitor port into the switch port you defined as the monitor destination.
 
Upvote 0 Downvote
The term transport/monitor cards referres more towards the Sniffer Distributed products.

On portable you might use a 2nd card to issue the span commands to the switch - see monitor -> switch monitor.
This requiers SNMP ....

If you don't use SNMP, you can telnet to the switch and go into enable/configuration mode end enter the following command (in case of an IOS based switch):

Switch(config)# interface FastEthernet0/7
Switch(config)# port monitor FastEthernet0/3

You will in this example attach you "sniffer card" on port 0/7 and capture traffic from port 0/3.

This can be verified by:

Switch# show port monitor
Monitor Port Port Being Monitored
--------------- --------------------
FastEthernet0/7 FastEthernet0/3

Rgds, netwho


__________________________________
DOS -> Windows -> Linux -> FreeBSD
**** The evolution of a geek ****
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

wfischer
  • Locked
  • Question
Sniffer Portable 4.9 MR1
Replies
1
Views
58
jdeisenm
jdeisenm
ekwlai
  • Locked
  • Question
Sniffer Pro Portable 1
Replies
1
Views
66
gigaspeed
gigaspeed
qt3
  • Locked
  • Question
Sniffer portable
Replies
1
Views
24
rabarnard
rabarnard
Helmuth2
  • Locked
  • News
Sniffer Portable 4.8 is available now
Replies
5
Views
46
netwho
netwho
cheriev
  • Locked
  • Question
sniffer portable
Replies
1
Views
27
mahaprabhu
mahaprabhu

Part and Inventory Search

Sponsor

Back
Top