Port mirroring monitors the packets of a particular port on another port. The following example shows how to mirror all incoming packets on port 25 to port 26.
See Basic SEFOS Topology for the topology for this task. Type the following commands on the SEFOS-1 switch.
See Connect to SEFOS.
SEFOS-1# configure terminal SEFOS-1(config)# interface vlan 1 SEFOS-1(config-if)# shutdown SEFOS-1(config-if)# ip address 12.0.0.1 255.0.0.0 SEFOS-1(config-if)# no shutdown SEFOS-1(config-if)# end
SEFOS-1# ping 12.0.0.100 Reply Received From :12.0.0.100, TimeTaken : 60 msecs Reply Received From :12.0.0.100, TimeTaken : 100 msecs Reply Received From :12.0.0.100, TimeTaken : 90 msecs --- 12.0.0.100 Ping Statistics --- 3 Packets Transmitted, 3 Packets Received, 0% Packets Loss
The ping reply from host A to the switch is not captured at port 26, which is connected to the packet capturing device prior to the port-mirroring configuration.
SEFOS-1# configure terminal
SEFOS-1(config)# monitor session destination interface xl-ethernet 0/26
SEFOS-1(config)# monitor session source interface xl-ethernet 0/25 rx
SEFOS-1(config-if)# end
SEFOS-1# show port-monitoring Port Monitoring is enabled Monitor Port : X10/26 Port Ingress-Monitoring Egress-Monitoring ---- ------------------ ----------------- X10/25 Enabled Disabled ...
SEFOS-1# ping 12.0.0.100
# tcpdump -xx -n -i eth3 icmp ... listening on eth3, link-type EN10MB (Ethernet), capture size 96 bytes 17:09:58.595583 IP 12.0.0.100 > 12.0.0.1: ICMP echo reply, id 0, seq 1, length 40 ... 0x0010: 003c 68e6 4000 ff01 fa75 0c00 0064 0c00 17:09:58.617899 IP 12.0.0.100 > 12.0.0.1: ICMP echo reply, id 0, seq 2, length 40... 0x0030: a5a5 a5a5 a5a5 a5a5 a5a5 a5a5 a5a5 a5a5 17:09:58.698280 IP 12.0.0.100 > 12.0.0.1: ICMP echo reply, id 0, seq 3, length 40...