DISQUS

Hello! dmiessler.com | grep understanding is using DISQUS, a powerful comment system, to manage its comments. Learn more.

Community Page

dmiessler.com/ Jump to website »

Subscribe
- New Comments
Community
Top Commenters
- Daniel Miessler
  1031 comments · 2 points
- CarlM
  514 comments · 2 points
- cooperati
  179 comments · 1 points
- arikb
  89 comments · 1 points
- brooksgarrett
  52 comments · 1 points
Popular Threads
- Considering Using danielmiessler.com Instead of dmiessler.com
  3 weeks ago · 8 comments
- Republicans: The Modern Dixiecrats?
  3 weeks ago · 8 comments
- Music | Mastodon: Crack the Skye
  4 weeks ago · 4 comments
- Outbound Number Translation Coming to Google Voice Soon
  3 weeks ago · 3 comments
- Wireless: WPA2 Enterprise Integration With Active Directory 2008
  3 weeks ago · 3 comments
Recent Comments
- I think this is a very helpful link. It fixes all the keyboard mapping problems. Even for VMware server 2.0 http://communities.vmware.com/message/1091425
  3 weeks ago by Mario R Mena
  
  in VMware Server 2.0 For Linux Doesn’t Have a “Send Ctrl-Alt-Del” Button
- Test.
  3 weeks ago by Daniel Miessler
  
  in Testing the New Domain
- "Yes, it helps people through altered perception of the world, but so do three glasses of wine." ___ Oh, so atheists do not drink alcohol because it is too much like religion?...
  3 weeks ago by SayBlade
  
  in Atheism Argued Successfully by Two Quotations
- burden is on those who make the assertion, not on those who deny
  3 weeks ago by Adam
  
  in Atheism Argued Successfully by Two Quotations
- • Theism is not a religion. Atheism is not a religion for the same reason. 'Theism' is an abstract noun which refers collectively to each organized religion which espouses the existence of...
  3 weeks ago by anti-supernaturalist
  
  in The Definition Of Atheism, And Why It Is *NOT* A Belief

dmiessler.com | grep understanding

dmiessler.com/about/

Jump to original thread »

Port Mirroring on a Cisco 3550 Switch

Started by Daniel Miessler · 7 months ago

Just for reference…

Source port(s):

Switch# config t
Switch(config)# monitor session 1 source interface fastethernet 0/1
Switch(config)# monitor session 1 source interface fastethernet 0/2
Switch(config)# monitor session 1 source interface fa ... Continue reading »

5 comments

Saul Lethbridge
1 year ago

4 Fa ports going out 1 Fa port...any dropped packets!!

reply

ghost16825
1 year ago

Also fyi:

http://taosecurity.blogspot.com/2007/12/expert-commentary-on-span-and-rspan.html

reply

Saul Lethbridge
1 year ago

I know this is just a reference, but I personally would be very concerned with sending more than a few Fa ports out a single Gi port, considering aggregate traffic. 4 fully saturated Fa ports = 800 Mb.

The tao article above is also something to consider, very good info.

reply

Maxo
1 year ago

I took the CCNA 1-4 (class, not the actual test.) As much as I love networking, that class let me know that I should not pursue a career in it.

reply

Daniel Miessler
1 year ago

I agree, guys. The place I implemented this had very little traffic on each port, and even then I realize it's not ideal.

The problem is that I need to monitor this network, not just a particular port. At the same client I have a number of taps in place (permanent fixtures that I had them buy) to facilitate ongoing traffic monitoring. I do recognize that this method is superior; it's just that it doesn't let you monitor everything on a low-traffic switch like a span does.

The problem with the span, of course, is that at any time one or more of the ports being monitored could become NOT low-traffic, at which point the solution falls apart.

At any rate, the post was for remembering syntax for the monitor command more than anything. Good discussion, though.

reply

Add New Comment

Returning? Login

DISQUS

Community Page

Subscribe

Community

Top Commenters

Popular Threads

Recent Comments

dmiessler.com | grep understanding

Port Mirroring on a Cisco 3550 Switch

5 comments

Add New Comment