P3 - SPAN (Seemeen Patel-CS23016)
The destination is typically a monitoring device, or other tools used for troubleshooting or
traffic analysis.
SPAN ports present a readily available mechanism through which to access detailed packet
information.
Background / Scenario
As the network administrator you want to analyze traffic entering and exiting the local network.
To do this, you will set up port mirroring on the switch port connected to the router and mirror
all traffic to another switch port. The goal is to send all mirrored traffic to an intrusion detection
system (IDS) for analysis. In this initial implementation, you will send all mirrored traffic to a PC
which will capture the traffic for analysis using a port sniffing program. To set up port mirroring
you will use the Switched Port Analyzer (SPAN) feature on the Cisco switch. SPAN is a type of
port mirroring that sends copies of a frame entering a port out another port on the same
switch. It is common to find a device running a packet sniffer or Intrusion Detection System
(IDS) connected to the mirrored port.
Objective
Part 1: Build the Network and Verify Connectivity
CS23016 | Seemeen Patel
Console into S1 and configure the source and destination monitor ports on S1.
Step 3: The output represents ingress and egress for VLAN 20, and we will see the same on g0/2. This
"ingress disabled" means we are not actually monitoring anything that comes in from G 0
Step 4: Run (sh mon det). Source ports shows none because we aren't monitoring ports; we
are monitoring VLAN 20.
Step 5: Run Wireshark on this PC and put it in promiscuous mode, and we can pick up all
the traffic going in and out of VLAN 20. That is how we would configure and
use the Cisco port.
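The check that Steps 3 and 4 perform by eye can be scripted. The following is an added example, not part of the original lab: it parses saved monitor-session output and reports any deviation from the intended setup (no source ports, VLAN 20 as the only source, g0/2 as destination, ingress disabled). The sample text, the session number 1, the abbreviated interface name Gi0/2 and the function names are assumptions made for illustration.

```python
import re

# Constructed, trimmed sample modeled on the fields Steps 3 and 4 describe.
# Assumption: exact layout and spacing differ between IOS releases.
SAMPLE = """\
Session 1
---------
Source Ports             :
    RX Only              : None
    TX Only              : None
    Both                 : None
Source VLANs             :
    RX Only              : None
    TX Only              : None
    Both                 : 20
Destination Ports        : Gi0/2
          Ingress        : Disabled
"""

def parse_span(text):
    """Parse monitor-session detail text into {session_id: fields}."""
    sessions, cur, group = {}, None, None
    for line in text.splitlines():
        m = re.match(r"Session (\d+)\s*$", line)
        if m:
            cur, group = sessions.setdefault(int(m.group(1)), {}), None
        elif cur is not None and ":" in line:
            key, value = (p.strip() for p in line.split(":", 1))
            if key in ("Source Ports", "Source VLANs"):
                group = cur.setdefault(key, {})  # RX/TX/Both lines follow
            elif key in ("RX Only", "TX Only", "Both") and group is not None:
                group[key] = [] if value == "None" else re.split(r"\s*,\s*", value)
            else:
                cur[key], group = value, None
    return sessions

def audit(s, want_vlans, want_dest):
    """List deviations of one parsed session from the intended mirror."""
    ports = sum(s.get("Source Ports", {}).values(), [])
    vlans = sum(s.get("Source VLANs", {}).values(), [])
    checks = [
        (not ports, f"unexpected source ports {ports}"),
        (sorted(vlans) == sorted(want_vlans), f"source VLANs {vlans}"),
        (s.get("Destination Ports") == want_dest, "unexpected destination"),
        (s.get("Ingress") == "Disabled", "ingress not disabled on destination"),
    ]
    return [msg for ok, msg in checks if not ok]
```

An empty list from audit(parse_span(text)[1], ["20"], "Gi0/2") means the session matches what the steps above describe.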