Our new Indie Games subforum is now open for business in G&T. Go and check it out, you might land a code for a free game. If you're developing an indie game and want to post about it, follow these directions. If you don't, he'll break your legs! Hahaha! Seriously though.
Our rules have been updated and given their own forum. Go and look at them! They are nice, and there may be new ones that you didn't know about! Hooray for rules! Hooray for The System! Hooray for Conforming!

Cisco: Sniffing Traffic on Switch Ports

SnowconeSnowcone Registered User
This is a kind of high level issue I am having, but I figured I'd bring it here anyway. I've got a stack of Cisco 3750G switches. I need to document the network layout and I really don't want to use a tester to map out which patch panel port goes to which office. What I am hoping to do is sniff the traffic on each individual port, find the local private ip of the computer on that port, and then use a network scanner to match up each machine to its current ip.

I've looked at NTop, but couldn't get it to run on my windows machine. Does anyone know of a tool, maybe like ethereal, that would let me sniff traffic isolated to a single switch port of a cisco switch?

Snowcone on

Posts

  • stigweardstigweard Registered User regular
    edited March 2008
    I thought ntop had full win32 compatibility? Have you tried Cisco for switch management software? I've used some 3com software for a set of 3com switches before and it mapped out everything fairly well.

  • SnowconeSnowcone Registered User
    edited March 2008
    I've got the Cisco Network Assistant (CNA) installed and it's not giving me any information like that. If it helps, I'm running Vista and the NTop installer crashes everytime I try it.

  • SiliconStewSiliconStew Registered User regular
    edited March 2008
    First set up port mirroring (SPAN) on your switches so that you are monitoring one port at a time. Run ethereal/wireshark on the monitor port to find the computer's IP. Repeat for each port on the switches.

    You may want to run a ping sweep on your LAN IP's at the same time you run ethereal so you are not just waiting for the computers to generate traffic themselves.

    Just remember that half the people you meet are below average intelligence.
  • SnowconeSnowcone Registered User
    edited March 2008
    First set up port mirroring (SPAN) on your switches so that you are monitoring one port at a time. Run ethereal/wireshark on the monitor port to find the computer's IP. Repeat for each port on the switches.

    You may want to run a ping sweep on your LAN IP's at the same time you run ethereal so you are not just waiting for the computers to generate traffic themselves.

    Thank you. It looks like SPAN is going to do exactly what I needed.

  • badfishbadfish Registered User
    edited March 2008
    Snowcone wrote: »
    First set up port mirroring (SPAN) on your switches so that you are monitoring one port at a time. Run ethereal/wireshark on the monitor port to find the computer's IP. Repeat for each port on the switches.

    You may want to run a ping sweep on your LAN IP's at the same time you run ethereal so you are not just waiting for the computers to generate traffic themselves.

    Thank you. It looks like SPAN is going to do exactly what I needed.

    If you find anything easier to read and sort through than wireshark, let me know. We use port mirroring for CALEA, I know the Law Enforcements have some nice software to decrypt and read that traffic but I know it's expensive too, mega. To test though, we count on Wireshark or worse to ensure the packets are gettin captured properly.

    Clearsightnet.com has some stuff I think, but will probably run you $10k or so.

    "What you had there is what we refer to as a focused non-terminal repeating phantasm or a Class 5 full-roaming vapor."
  • thej3wthej3w Registered User
    edited March 2008
    http://www.openxtra.co.uk/freestuff/ntop-xtra.php

    Should be just a easy install for windows. Much easier than the real nTop installer.

    J4ku.png
Sign In or Register to comment.