Every so often you need to start looking at the packets to identify what is really going on. As I like the say “The packets don’t lie.” The following will show you how to setup a port mirror on several different platforms. You would then connect a PC to the destination port and use some packet capture software.
Cisco
Source port – port of the machine/device having the issue.
monitor session 2 source interface Gi2/0/18
Destination port – port you are sending the traffic too.
monitor session 2 destination interface Gi2/0/20
Enterasys
Enterasys does the command on the same line. (You would not type the parantheses)
set port mirroring create ge.2.13 (source) ge.2.2 (destination)
Juniper
[edit ethernet-switching-options]
set analyzer employee-monitor input ingress interface ge-0/0/0.0
[edit ethernet-switching-options]
set analyzer employee-monitor output interface ge-0/0/10.0
Mirroring ports can be very beneficial when there is not much information to go off or a discrepancy between what you’re being told vs the behavior you are seeing. This has solved many fingerpointing situations because at the end of the day ‘Packets Don’t Lie’.
Happy investigating!
Nick H
Leave a Replay
About Me
IT pro with a decade experience in the field.
