Port Mirroring

Image.png
In Wireshark set
Interface: Ethernet
Filter: ip.addr == 10.0.10.115 (your WWW server ip address)

Cisco
to start
(config)# monitor session 1 source interface Fa2/0/1
(config)# monitor session 1 destination interface Fa2/0/2
(config)# monitor session 2 source vlan 10

to verify
# show monitor 1

to stop
(config)# no monitor session 1

HP
to start
(config)# mirror-port 2
(config)# int 1 monitor
(config)# vlan 10 monitor

to verify
(config)# show monitor
 Network Monitoring Port
  Mirror Port: 2
  Monitoring sources
  ——————
  1

to stop
(config)# no mirror-port
(config)# no int 1 monitor
(config)# no vlan 10 monitor

Juniper
# show
interfaces {
    ge-0/0/0 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members default;
                }
            }
        }
    }
    ge-0/0/1 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/47 {
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                native-vlan-id default;
            }
        }
    }
    vlan {
        unit 0 {
            family inet {
                address 10.0.10.241/24;
            }
        }
    }
}
routing-options {
    static {
        route 0.0.0.0/0 next-hop 10.0.10.1;
    }
}
ethernet-switching-options {
    analyzer monitor1 {
        input {
            ingress {
                interface ge-0/0/0.0;
            }
        }
        output {
            interface {
                ge-0/0/1.0;
            }
        }
    }
    storm-control {
        interface all;
    }
}

to verify
# run show analyzer
Analyzer name                    : monitor1
  Output interface               : ge-0/0/1.0
  Mirror ratio                   : 1
  Loss priority                  : Low
  Ingress monitored interfaces   : ge-0/0/0.0

to stop
# delete ethernet-switching-options analyzer monitor1
# commit

to start
/interface ethernet switch set mirror-source=ether1 mirror-target=ether4
NOTE: this must be done in physical RouterBoard, can’t be done in Unetlab
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s