How to monitor switch packets with Sniffer.doc
How to monitor gateway packets with Sniffer
2009-09-17
In a switched Ethernet environment, communication between two workstations is not visible to a third party. In some cases we do need to listen in on it, for example for protocol analysis, traffic analysis, or intrusion detection. For this purpose we can configure SPAN (Switched Port Analyzer) on the Cisco switch, a feature known in earlier products as port mirroring or the monitoring port.
The object being monitored can be one or more switch ports, or an entire VLAN. If the port being monitored (the source port) and the port the listening device is attached to (the target port) are on the same switch, we only need to configure SPAN; if they are not on the same switch, we need to configure RSPAN (Remote SPAN). Different switches place different restrictions on SPAN: for example, the source and target ports on 2900XL switches must be in the same VLAN, and some switches do not support RSPAN. See the device documentation for details.
When configuring SPAN, the parameters we need to provide are the source port(s) or VLAN and the target port.
4000/6000 CatOS switches:
set span 6/17 6/19   // SPAN: the source port is 6/17 and the target port is 6/19
2950/3550/4000 IOS/6000 IOS switches:
monitor session 1 local   // SPAN
monitor session 1 source interface (source interface)   // source interface; the source can also be a VLAN
monitor session 1 destination interface (destination interface)
2900/3500XL switches:
interface (interface) : thernet 0/19   // target port
Port monitor: the
1900 switch: (or use the menu [M] Monitoring)
monitor-port monitored 0/17   // source ports (ports 0/17 and 0/18)
monitor-port monitored 0/18
monitor-port port 0/19   // target port
monitor-port   // start monitoring
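Because every SPAN session copies traffic to another port, the same `monitor session` lines are worth auditing in saved switch configurations. The Python sketch below is an added example, not part of the original article: it parses IOS-style `monitor session` lines and flags sessions whose destination is not on an approved list. The sample configuration, the FastEthernet interface names and the approved list are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample running-config (not from the original page). Interface
# names are assumptions; ports 0/17-0/19 follow the article's numbering.
SAMPLE_CONFIG = """\
monitor session 1 source interface FastEthernet0/17 both
monitor session 1 source interface FastEthernet0/18 rx
monitor session 1 destination interface FastEthernet0/19
monitor session 2 source vlan 20
monitor session 2 destination interface FastEthernet0/24
"""

LINE_RE = re.compile(
    r"^\s*monitor session (\d+) (source|destination) "
    r"(interface|vlan|remote vlan) (\S+)(?:\s+(both|rx|tx))?",
    re.IGNORECASE | re.MULTILINE)

def parse_span_sessions(config):
    """Map session number -> {"source": [...], "destination": [...]}."""
    sessions = defaultdict(lambda: {"source": [], "destination": []})
    for num, role, kind, name, direction in LINE_RE.findall(config):
        role, kind = role.lower(), kind.lower()
        if role == "source":
            # IOS mirrors both directions when no keyword is given.
            entry = (kind, name, (direction or "both").lower())
        else:
            entry = (kind, name)
        sessions[int(num)][role].append(entry)
    return dict(sessions)

def audit_span(config, approved_destinations):
    """Report sessions that mirror traffic to a port not on the approved list."""
    findings = []
    for num, s in sorted(parse_span_sessions(config).items()):
        if not s["destination"]:
            findings.append(f"session {num}: sources defined but no destination")
        for kind, name in s["destination"]:
            if name not in approved_destinations:
                srcs = ", ".join(f"{k} {n} ({d})" for k, n, d in s["source"])
                findings.append(f"session {num}: unapproved destination "
                                f"{name}; sources: {srcs or 'none'}")
    return findings

if __name__ == "__main__":
    for finding in audit_span(SAMPLE_CONFIG, {"FastEthernet0/19"}):
        print(finding)
```

With FastEthernet0/19 as the only approved sniffer port, session 1 passes and session 2 is reported.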
When configuring RSPAN, we first define a VLAN whose type is RSPAN. In an ordinary VLAN, if the source host and the target host are on the same switch, the unicast traffic between them does not need to pass over the trunk to other switches, RSPAN VLAN need