From the course: CompTIA Network+ (N10-009) Cert Prep

Port mirroring

- I've got a little problem with my old Cisco 3550 switch here. Well, you see, the problem's not really with the switch. The problem is one of the devices that I have plugged into it. It's giving me a lot of weird information. It's running hard. I'm nervous that things are coming in and out of that device that I don't want to see. Now, I could go to that device and do all kinds of things, but it's a busy computer. So what I want to be able to do is monitor all the IP traffic coming in and out of this device, and I want to do it remotely.

Now, normally with a switch, you can't do that. I mean, the beauty of a switch is that it's a point-to-point connection. So I can't sniff the traffic going in and out of one port from a different port. Well, with a good managed switch, you can, and we call this port mirroring. What we're going to do here is we're going to configure this switch to say, "Listen, I want you to listen in on the port that that bad computer's plugged into, and I want you to send all the traffic, in and out, that's coming from that bad computer, and I want you to send a copy over to my system." So let's go ahead and do that, and we're going to be doing that using IOS.

Okay, so I've already got PuTTY running, so let's go ahead and just go through the process of setting this up. It's actually pretty easy. So I'm going to run good old config t, config terminal, and now what I'm going to have to do first is I'm going to have to say, "Look, I want to create a session, a sniffing session, kind of like, and we're going to give it a number." In this case, I don't have any yet, so I'll call it number one. And then I'm going to say, "What is the source of my sniffing?" So let's run that command first. So... (keyboard clacking) So what we did here is we said, listen, let's create a first sniffing session, and we're going to call it session one. And I want the source to be my Fast Ethernet port 22. So that's all I've done up to this point.
What we now have to do is say, "Well, what do you want to send all this data to?" So wherever I'm going to plug my sniffing device in is where I need to say where my destination's going to be. So let's go ahead and run that command. So monitor session one, except this time I'm going to say destination. And in this case, I'm going to pick the particular interface that I'm going to be plugging into, which just happens to be number 23. And voilà, it's done.

So setting up port mirroring is actually fairly simple with Cisco devices using IOS. Some SOHO devices also have port mirroring. It's usually in a graphical interface and you just say, "Turn on port mirroring and send it to port three," kind of stuff. The important thing that we need to appreciate here is that port mirroring gives us the ability to remotely monitor the data that's going in and out of a particular source. Now, in here, I'm just using one actual switch port, but if I wanted to, I could set it up for an entire VLAN. I want to see all the data coming out of VLAN 2 and send it all to my system. And yes, it can make a huge mess, but it absolutely does work. So when you absolutely, positively have to know what's happening way over there, use port mirroring.
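
The two commands described in the transcript, written out as an added example (not taken from the video). The interface names FastEthernet0/22 and FastEthernet0/23 assume the usual 0/N numbering for the "port 22" and "number 23" mentioned, and the verification and cleanup lines are additions.

```cisco
! Added example; interface numbering (0/22, 0/23) is an assumption.
configure terminal
 ! Session 1: copy traffic in both directions on the suspect host's port
 monitor session 1 source interface FastEthernet0/22 both
 ! Send the copies to the port where the capture machine is plugged in
 monitor session 1 destination interface FastEthernet0/23
 end
! Confirm the source, direction and destination the switch actually applied
show monitor session 1
! VLAN variant mentioned in the talk: use this as the source line instead
!  monitor session 1 source vlan 2
! Remove the session when the capture is finished
configure terminal
 no monitor session 1
 end
```

While the session is active, the destination port carries only the mirrored copies by default, so the capture machine needs a separate connection for its own traffic.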
