Random ramblings about things related to the digital world
Posts tagged ‘cisco’
Put this in your screen.rc
deflog on logfile log/screen%n-%Y-%m-%dT%c:%s.log logfile flush 2 startup_message off msgwait 0
And change shell for that user to /usr/bin/screen in /home/passwd and you’ll have a full log on what they’re doing aswell as you can join their session with screen -x
SPAN (Switch Port Analyzer) is a great tool for troubleshooting Cisco switches and to figure out where your traffic really is heading.
The technique is called Port Mirroring, as a general term, since you’re mirroring the traffic and sending it to a specific port where you have your analyzing software waiting.
Other vendors usually have their own specific names like 3com’s Roving Analysis Port (RAP) but the technique is often very similar.
An overview
What you need to do is this
conf t
monitor session 1 source interface gigabitEthernet 0/5
monitor session 1 destination interface gigabitEthernet 0/10
This will mirror the traffic on interface gigabitEthernet 0/5 and send it to gigabitEthernet 0/10
If you want to monitor multiple ports just add them like this:
conf t
monitor session 1 source interface gigabitEthernet 0/5 , 0/6 , 0/7
monitor session 1 destination interface gigabitEthernet 0/10
To monitor traffic on a specific VLAN (VSPAN)
conf t
monitor session 1 source vlan 100
monitor session 1 destination interface gigabitEthernet 0/10
I would recommend using software like Wireshark to analyze the received data.
To mirror traffic on remote switches, read about RSPAN (Remote SPAN) here
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/catos/5.x/configuration/guide/span.html#wp1020150
A lot of information is available on cisco.com aswell.
http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a008015c612.shtml