jskfan
asked on
Using WireShark with Cisco Hardware
I have used Wireshark in GNS3, where you right-click on the link between 2 routers and select capture. This will open up Wireshark and capture all the traffic going through the selected link.
In the Cisco real world, where they use hardware, how would you use Wireshark for the same purpose as in GNS3?
Thank you
ASKER
I found similar notes on a sheet of paper. I wonder if the comments are correct?
** Sometimes we'll have to use, for instance, Wireshark to monitor the traffic generated by a certain device.
Assuming we have Wireshark installed on a laptop, we connect the laptop's network adapter cable to a port on the switch that the device to be monitored is plugged into.
Connect to the IP address of the Switch with Telnet or SSH putty, and run the following commands:
Switch(config)# no monitor session 1
This will disable any previous session 1 if there was one already open.
Switch(config)# monitor session 1 source interface FastEthernet0/5
This configures the port where the device is plugged in to be monitored
Switch(config)# monitor session 1 destination interface FastEthernet0/1
This configures the port where the laptop is plugged to receive data to be monitored
Switch(config)# end
Then open up Wireshark, and watch the traffic...
ASKER
The dark areas in monitoring are:
If you have 2 routers, R1 and R2, that are directly connected (no switch in between), you will be using the laptop to catch traffic from one router at a time, because you plug your laptop into an available port on R1 and you make the port your laptop is plugged into the destination and a port on R1 where R2 is plugged as the source....
Here you catch only the traffic received by R1 from R2.
Then you move your laptop to R2 and redo the same thing...
If both R1 and R2 are plugged into a switch, then you make their ports on the switch the source.
Switch(config)# monitor session 1 source interface FastEthernet0/5 (where R1 is plugged)
Switch(config)# monitor session 1 destination interface FastEthernet0/1 (where your laptop is plugged)
Switch(config)# monitor session 1 source interface FastEthernet0/6 (Where R1 is plugged)
Switch(config)# monitor session 1 destination interface FastEthernet0/1 (Where your laptop is plugged)
I am not sure if that's correct
ASKER
Sorry, I meant to say here:
Switch(config)# monitor session 1 source interface FastEthernet0/6 (Where R2 is plugged)
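An added example, not part of the original thread or of any participant's post: a small Python check that replays `monitor session` lines (here the thread's commands, with Fa0/6 taken as R2's port) and reports what each SPAN session ends up mirroring, which also helps spot a session left configured after a capture. It assumes one interface per line and no destination options; `parse_span`, `audit` and `SAMPLE` are names made up for this example.

```python
import re

# Constructed sample: the SPAN commands from the thread, with Fa0/6 as R2's port.
SAMPLE = """\
Switch(config)# no monitor session 1
Switch(config)# monitor session 1 source interface FastEthernet0/5
Switch(config)# monitor session 1 source interface FastEthernet0/6
Switch(config)# monitor session 1 destination interface FastEthernet0/1
"""

SPAN_RE = re.compile(r"^(no\s+)?monitor session (\d+)"
    r"(?:\s+(source|destination) interface (\S+)(?:\s+(rx|tx|both))?)?$")

def parse_span(text):
    """Replay lines in order; return {id: {"source": {port: dir}, "destination": {port: None}}}."""
    sessions = {}
    for raw in text.splitlines():
        line = re.sub(r"^\S+\(config\)#\s*", "", raw.strip())  # drop a pasted prompt
        m = SPAN_RE.match(line)
        if not m:
            continue  # not a SPAN line this simplified parser understands
        negate, sid, role, port, direction = m.groups()
        if role is None:
            if negate:  # "no monitor session N" removes the whole session
                sessions.pop(int(sid), None)
            continue
        s = sessions.setdefault(int(sid), {"source": {}, "destination": {}})
        if negate:
            s[role].pop(port, None)
        else:  # a source with no keyword is mirrored in both directions
            s[role][port] = (direction or "both") if role == "source" else None
    return sessions

def audit(sessions):
    """Return findings worth checking before relying on (or leaving) a session."""
    findings, dest_owner = [], {}
    for sid, s in sorted(sessions.items()):
        if s["source"] and not s["destination"]:
            findings.append(f"session {sid}: sources but no destination")
        if s["destination"] and not s["source"]:
            findings.append(f"session {sid}: destination but no source")
        for port in s["destination"]:
            if port in s["source"]:
                findings.append(f"session {sid}: {port} is both source and destination")
            if port in dest_owner:  # a destination port belongs to one session only
                findings.append(f"{port}: destination of sessions {dest_owner[port]} and {sid}")
            dest_owner.setdefault(port, sid)
    return findings
```

For the sample, `parse_span(SAMPLE)` yields one session with both router ports as sources mirrored to FastEthernet0/1, and `audit` returns no findings.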
ASKER
Thanks
ASKER
Let's say 2 routers are connected to each other.
Do you plug your laptop into an available port on one of the routers and configure monitoring?
How can you physically set this up before starting the monitoring config and then Wireshark?