Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Sniffer Pro and VLANS
- Thread starter mysniffer
- Start date
Not sure what you mean by "pass". I searched SAdtran's web site and can't find the 1127R. Is it a network switch or some kind of a router/access device?
There are typically two methods used for sniffing VLAN's
1) connect Sniffer to SPAN or mirror port of a network switch (e.g. Cisco or Nortel) and set the source to be mirrored as a specific VLAN. Cisco allows this - I'm not sure how Nortel and other switch manufacturers handle it.
If you have some sort of unmanaged switch that does nto have a mirror port you'll have to use a ful duplex network tap.
2) Put the tap in an appopriate link - e.g. an uplink where all of the traffic going into and out of that VLAN is going to pass through. In order for the Sniffer to see both Rx and Tx you'l need to use an aggregation style tap. A shared media hub may be used instead but it will force a full dulex link to operate at half duplex and also lacks power fault tolerance - your call on whether those issues are a concern or not.
Once the Sniffer is attached, look at a trace fiel of the traffic and find some of the devices that are in the VLAN of interest. Do a pattern match filter on the VLAN tag within the packet header and you can then capture only traffic from that VLAN.
Hope this helps.
Owen O'Neill
Datacom Systems Inc.
Northeastern SE
There are typically two methods used for sniffing VLAN's
1) connect Sniffer to SPAN or mirror port of a network switch (e.g. Cisco or Nortel) and set the source to be mirrored as a specific VLAN. Cisco allows this - I'm not sure how Nortel and other switch manufacturers handle it.
If you have some sort of unmanaged switch that does nto have a mirror port you'll have to use a ful duplex network tap.
2) Put the tap in an appopriate link - e.g. an uplink where all of the traffic going into and out of that VLAN is going to pass through. In order for the Sniffer to see both Rx and Tx you'l need to use an aggregation style tap. A shared media hub may be used instead but it will force a full dulex link to operate at half duplex and also lacks power fault tolerance - your call on whether those issues are a concern or not.
Once the Sniffer is attached, look at a trace fiel of the traffic and find some of the devices that are in the VLAN of interest. Do a pattern match filter on the VLAN tag within the packet header and you can then capture only traffic from that VLAN.
Hope this helps.
Owen O'Neill
Datacom Systems Inc.
Northeastern SE
Once you span or mirror a port you will see all the traffic coming in or out of that port. The monitor port does not have to be in any specific VLAN. If the traffic you are looking at is only in one VLAN then the port you are monitoring is only in that VLAN. If you see multiple VLAN traffic then the port you are spanning or mirroring is a trunk port.
- Status
Similar threads
- Locked
- Question