Solved

Wireshark usage: How to get stats on cisco router

Posted on 2008-10-29
15
935 Views
Last Modified: 2013-12-07
I am new to wireshark and want to get some stats (like DHCP, ARP) on cisco router. When I telnet into the router using the broadcom port of my laptop, I only get the activity showing TELNET/TCP? Is there any way to get the router activity esp for E0/0?? Any pointers on wireshark usage will be highly appreciated.
0
Comment
Question by:totaram
  • 7
  • 7
15 Comments
 
LVL 20

Expert Comment

by:RPPreacher
ID: 22834096
Actually netflow is more what you are looking for.

Scrutinizer is a free netflow analyzer.
http://www.plixer.com/products/free-netflow.php

Which Cisco router do you have?  I can help with the netflow set up or you can just google "netflow" and your router model.
0
 
LVL 3

Expert Comment

by:mrwalker15
ID: 22834123
You could also set a SPAN port on you switch to send all the traffic from the routers port to your port.
0
 

Author Comment

by:totaram
ID: 22834297
We have Cisco 2811, and are facing some issues with DHCP allocation from server. Just want to get the trace of the DHCP requests and responses. On google search, I came up @ Cisco IOS Netflow, is that what you are referring to? Prabably, we have to buy that from Cisco....
0
 

Author Comment

by:totaram
ID: 22834317
How do you put SPAN on switch port to go thru router to my laptop/PC port?
0
 
LVL 3

Expert Comment

by:mrwalker15
ID: 22834329
What switch do you use?
0
 
LVL 3

Expert Comment

by:mrwalker15
ID: 22834354
Also, are you connected to the same switch as the routers?
0
 

Author Comment

by:totaram
ID: 22834357
Cisco switch 2950, IOS 12.1(20)
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 3

Expert Comment

by:mrwalker15
ID: 22834377
C2950#configure terminal
C2950(config)#
C2950(config)#monitor session 1 source interface <router's interface>
C2950(config)#monitor session 1 destination interface <laptop's interface>

http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a008015c612.shtml#topic5
0
 
LVL 3

Expert Comment

by:mrwalker15
ID: 22834405
0
 

Author Comment

by:totaram
ID: 22835489
mrwalker, I can not directly log in to switch, I can log in to router from my laptop/PC and then to switch. Is there any way to set the destination interface?
0
 
LVL 3

Expert Comment

by:mrwalker15
ID: 22835571
is your machine physically connected to the same switch? if so, you have to assign the interface that your physically connected as the destination interface.
0
 

Author Comment

by:totaram
ID: 22835652
No, we are miles away from Router/switch. I telnet to the router.
0
 
LVL 3

Accepted Solution

by:
mrwalker15 earned 125 total points
ID: 22835763
Ok. I take you are on the same internal network but on different locations.

You will have to use RSPAN then.

Basically it is the same as a SPAN session but with the destination being on another switch.

You need to create a VLAN to carry the SPAN traffic and it must be available in both switches.

Router's Switch#configure terminal
Router's Switch(config)#
Router's Switch(config)#monitor session 1 source interface <router's interface>
Router's Switch(config)#monitor session 1 destination remote vlan <vlan id that you created>

Your switch#config t
Your switch#monitor session 1 source remote vlan <vlan id that you created>
Your switch#monitor session 1 destination interface <your interface>
0
 

Author Closing Comment

by:totaram
ID: 31511319
Very good, thank you so much for your input,
0
 

Author Comment

by:totaram
ID: 22864593
The issue is closed.
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
how can I tell if a better drive will help on a win 8.1 laptop 28 144
Need to separate small office by VLAN... 3 56
Cell phone, internet, asian countries. 3 75
DHCP Server 14 62
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
Load balancing is the method of dividing the total amount of work performed by one computer between two or more computers. Its aim is to get more work done in the same amount of time, ensuring that all the users get served faster.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now