Link to home
Start Free TrialLog in
Avatar of pterranova13
pterranova13Flag for United States of America

asked on

Port Monitoring

I need to setup port monitoring on one of the ports on my core switch to evaluate a sniffer product on my network. I am familar with SPAN but not sure how changing one of my ports on my network to monitoring or listening will effect it. I have done it in a lab enviornment but not in a live environment. Need assistance
Avatar of aconaway1
Flag of United States of America image

On what platform are you doing the SPAN?

On Cisco gear, when you set a port to be a monitoring port (the one where the traffic is copied), that port can no longer accept traffic.  There's some very minimal processing overhead, I imagine, but it's minimal -- especially if you have a big switch.
Avatar of pterranova13


I am running a 6513 Switch. I basically am looking to see all the traffic running through the network through a sniffer on my desktop computer. Will the monitoring add more network noise and latency.
Not at all.  Monitoring a port adds nothing at all to the network.  The 6500 will only copy an already-existing packet to the monitoring port.

Unless you're already running really high on CPU, you should see no latency at all.  As a matter of fact, SPAN ports are very low priority, and, if there's a CPU bottleneck, the switch will simply not copy the packet to the monitoring port until there's CPU available.  On top of the fact that the 6500 series switches are heavyweights, you won't see a problem.

I'm running four SPANs right now on a set of 6509s peaking to about 700Mbps of traffic with no problems.
Would you be able to provide me with the proper syntax to configure the port.

Sure.  As an example and assuming you want to copy traffic from G1/1 to G2/3, just do this.

monitor session 1 source interface G1/1
monitor session 1 destination interface G2/3
So I want to copy all the traffic running on my data vlan 1. I am going to use that instead of the Gi1/1 ?
Avatar of aconaway1
Flag of United States of America image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of bschwarting

i know this is an old question, but I'll try anyway.

what IP do you need to give the NIC on the server that is running the sniffer software?

since this is just a monitor port on the switch end, does it really matter on the server end?