
Monitor Switchport (Packet Capturing)



#1 wildweaselmi


Posted 04 August 2011 - 12:19 PM

To span a port, you need to use the monitor session commands.

EXAMPLE:
ISSUE#1 RPC errors on some users
ISSUE#2 East Coast having issues connecting in the early morning

STEP 1 (PERFORMED BY NETWORK ADMIN)
Have the network engineer identify which ports on the switch the devices are plugged into
10.10.10.1 (CSS) example Gi3/37
10.10.10.12 (plgmr1a1) example Gi7/28
10.10.10.13 (plgmr1a1) example Gi7/29
10.10.10.14 (plgmr1a2) example Gi7/43
10.10.10.15 (plgmr1a2) example Gi7/44
10.10.10.16 (plgmr1a3) example Gi7/46
10.10.10.17 (plgmr1a3) example Gi7/48

STEP 2 (PERFORMED BY NETWORK ADMIN)
Have the private network (10.10.10.xx) from the CSS to the servers spanned to a port for monitoring (the example below uses the sample ports above and assumes the sniffer expert is plugging their laptop into port Gi4/1)
(config)#monitor session 1 source int Gi3/37 , Gi7/28 - 29 , Gi7/43 - 44 , Gi7/46 , Gi7/48 both
(config)#monitor session 1 dest int Gi4/1

STEP 3 (PERFORMED BY SNIFFER EXPERT)
** If STEP 2 is not performed then create the following capture RULE, otherwise skip to STEP 4
10.10.10.1 <--> 10.10.10.12
10.10.10.1 <--> 10.10.10.13
10.10.10.1 <--> 10.10.10.14
10.10.10.1 <--> 10.10.10.15
10.10.10.1 <--> 10.10.10.16
10.10.10.1 <--> 10.10.10.17

STEP 4 (PERFORMED BY SNIFFER EXPERT)
Add to the capture rule:
TCP communication for all traffic over port 39999

STEP 5 (PERFORMED BY SNIFFER EXPERT)
Customize the sniffer capture file settings:
Find out how much space is available on your hard drive (example: 1GB)
Set up sniffer capture files to a size of 10MB
Set up maximum files 10/1000 = 100 files
Set up overwrite oldest file when full

STEP 6 (PERFORMED BY SNIFFER EXPERT)
Establish contact with requester for start time, stop time and destination for capture logs

STEP 7 (PERFORMED BY APPLICATION TECH.)
Notify a contact at all Debt Manager Branches that they need to notify you when:
1.) Logon issues occur in the morning
2.) RPC errors happen
Once contacted by the customer, capture
1.) When did the incident occur
2.) What is the IP address of the machine with the issue
3.) Is it issue #1 (RPC errors) or issue #2 (logon issues)
Notify the sniffer expert to
1.) Stop captures
2.) Copy existing data to predetermined destination for time frame under folder labeled DMRPC or DMLOGON
3.) Resume capturing data

STEP 8 (PERFORMED BY APPLICATION TECH.)
Send captured data (once completely uploaded) to necessary technicians with user information (IP address and when the issue occurred and what issue was captured)
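
The capture rule and file settings from steps 3 to 5, as an added example that is not part of the original post: it builds the BPF capture filter and a dumpcap ring-buffer command line from the sample addresses above. Assumptions: step 4 is read as restricting the capture to TCP port 39999, dumpcap is the capture tool, and the interface name eth0 and output path /captures/dm.pcapng are hypothetical.

```shell
#!/bin/sh
# Added example: capture filter (steps 3-4) and ring buffer (step 5).
# Sample addresses and port come from the post; everything else is an assumption.

CSS_IP="10.10.10.1"
SERVER_IPS="10.10.10.12 10.10.10.13 10.10.10.14 10.10.10.15 10.10.10.16 10.10.10.17"
APP_PORT=39999
DISK_MB=1000   # space set aside for captures (the post's 1GB example)
FILE_MB=10     # size of each capture file

# build_filter <yes|no>: "yes" means the SPAN session from step 2 exists,
# so the host pairs from step 3 are not needed in the capture filter.
build_filter() {
    case "$1" in
        yes) printf 'tcp port %s' "$APP_PORT"; return 0 ;;
        no)  ;;
        *)   echo "usage: build_filter yes|no" >&2; return 2 ;;
    esac
    hosts=""
    for ip in $SERVER_IPS; do
        if [ -z "$hosts" ]; then
            hosts="host $ip"
        else
            hosts="$hosts or host $ip"
        fi
    done
    # CSS <--> each server, limited to the application port.
    printf 'host %s and (%s) and tcp port %s' "$CSS_IP" "$hosts" "$APP_PORT"
}

# Number of files in the ring: available space divided by file size.
ring_files() {
    echo $(( $DISK_MB / $FILE_MB ))
}

# capture_cmd <interface> <yes|no> <output file>: prints the command, does not run it.
# dumpcap takes filesize in kB; with "files:N" it overwrites the oldest file when full.
capture_cmd() {
    filter=$(build_filter "$2") || return 2
    printf 'dumpcap -i %s -f "%s" -b filesize:%s -b files:%s -w %s' \
        "$1" "$filter" "$(( $FILE_MB * 1000 ))" "$(ring_files)" "$3"
}

# Hypothetical interface and path; shown for the case where step 2 was skipped.
capture_cmd eth0 no /captures/dm.pcapng
echo
```

With the SPAN session from step 2 in place, call `capture_cmd eth0 yes /captures/dm.pcapng` instead, which reduces the filter to the port alone.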




