• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 814
  • Last Modified:

Configure switchport on 4507 to span all vlans & capture traffic on a specific port.

We had conficker go through our network. We believe to have a rogue system somewhere out there. We tried wireshark to capture traffic, but nothing came up because it was only run inside of 1 vlan. We need to find this system that keeps spewing the virus out. We have a Cisco 4507 that we would like to capture traffic on port 445. Can someone give me a play by play on configuring the switch  - or orther actions to squelch the virus?

1 Solution
Here is the configu for a 4500 series running IOS.
The config sets the interface to monitor as 4/2 and the port you connect your laptop to is 4/3
For more details here is a good link

monitor session 1 source interface fastethernet 4/2
monitor session 1 destination interface fastethernet 4/3

show monitor session 1
!verifies span was setup correctly 

Open in new window


Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now