Tag: span

Packet capture in Cisco IOS

Packet capture on IOSThis will be a brief article but a good one. It will save you some walking time to server room. I have the need to capture traffic on the switch or on the router several times every week. That action needed from me to be physically near the switch and to configure SPAN port so that I can connect to the switch with my machine and capture some packets with wireshark. Okay, I could use RSPAN to get captured packets to the closest switch but this altogether is not good enough. It’s too time consuming for short packets captures in troubleshooting sessions.

Recently in my CCIE study I came across the info that Cisco IOS is able to capture packets on the device itself and on more interfaces in once. You can later export that capture to your PC and analyze it with wireshark.

You can do it like this

SPAN – Switched Port Analyzer technology and configuration

In simple words SPAN technology enables port mirroring on selected switch.

In some cases you will need that some kind of server, PC or other network device receives a copy of network traffic that is destinated for some other device in the network. Why would you want that? Maybe you need some kind of control of the traffic or you want to implement IDS – Intrusion Detection System or something else. In that case you can configure every Cisco switch to send a copy of the traffic to one of the ports that is connected to sensor device.