I cannot monitor trunk traffic
I have two trunk port over Metroethernet contains several VLAN. And Cisco 3550 is meeting point for 2 trunk. I wanna monitor those trunk (far sites) traffic.
I try several SPAN on cisco 3550 switch but i didn’t get a source-destination traffic .
Here is my configs and output. And you can see my topology in attachement:
Config I:
monitor session 1 source vlan 1 - 4094 rx
monitor session 1 destination interface Fa0/8
Output 1 (tcpdump -i eth1)
10:28:49.398386 STP 802.1d, Config, Flags [none], bridge-id 8000.00:00:0c:69:48:6a.800a, length 43
10:28:49.403695 IP 172.16.2.154 > ospf-all.mcast.net: OSPFv2, LS-Update, length 60
10:28:49.423092 STP 802.1d, Config, Flags [none], bridge-id 8000.00:00:0c:b2:73:c0.800c, length 43
10:28:49.435660 IP 172.16.2.154 > ospf-all.mcast.net: OSPFv2, LS-Update, length 60
10:28:49.467041 IP 172.16.2.154 > ospf-all.mcast.net: OSPFv2, LS-Update, length 60
10:28:49.503562 IP 172.16.2.154 > ospf-all.mcast.net: OSPFv2, LS-Update, length 60
10:28:49.511120 IP 172.16.1.46 > ospf-all.mcast.net: OSPFv2, Hello, length 60
10:28:49.512063 IP 172.16.2.46 > ospf-all.mcast.net: OSPFv2, Hello, length 60
Config II:
monitor session 1 source vlan 1 - 4094 rx
monitor session 1 destination interface Fa0/8 encapsulation dot1q
Output II (tcpdump -i eth1)
tcpdump: WARNING: eth1: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
Config III:monitor session 1 source interface Fa0/20
monitor session 1 destination interface Fa0/8
Output III (tcpdump -i eth1)
10:43:59.148118 IP 172.16.2.154 > ospf-all.mcast.net: OSPFv2, LS-Update, length 60
10:43:59.160031 STP 802.1d, Config, Flags [none], bridge-id 8000.00:00:0c:07:5d:ff.8008, length 43
10:43:59.181057 STP 802.1d, Config, Flags [none], bridge-id 8000.00:00:0c:07:5e:3b.8009, length 43
10:43:59.183669 IP 172.16.2.154 > ospf-all.mcast.net: OSPFv2, LS-Update, length 60
10:43:59.188202 IP 172.16.1.114 > ospf-all.mcast.net: OSPFv2, Hello, length 56
10:43:59.219978 IP 172.16.2.154 > ospf-all.mcast.net: OSPFv2, LS-Update, length 60
10:43:59.251886 IP 172.16.2.154 > ospf-all.mcast.net: OSPFv2, LS-Ack, length 1444
10:43:59.255620 IP 172.16.2.154 > ospf-all.mcast.net: OSPFv2, LS-Update, length 60
10:43:59.258862 IP 172.16.1.181 > ospf-all.mcast.net: OSPFv2, LS-Ack, length 64
10:43:59.264209 STP 802.1d, Config, Flags [none], bridge-id 8000.00:00:0c:f3:63:75.800e, length 43
10:43:59.267031 IP 172.16.1.185 > ospf-all.mcast.net: OSPFv2, LS-Ack, length 84
10:43:59.285143 STP 802.1d, Config, Flags [none], bridge-id 8000.00:00:0c:3a:65:4a.800e, length 43
10:43:59.290841 IP 172.16.2.182 > ospf-all.mcast.net: OSPFv2, LS-Ack, length 84
Config IV:
monitor session 1 source interface Fa0/20
monitor session 1 destination interface Fa0/8 encapsulation dot1q
Output IV (tcpdump -i eth1)
10:45:54.508798 STP 802.1d, Topology Change
10:45:56.508461 STP 802.1d, Topology Change
10:45:58.508160 STP 802.1d, Topology Change
10:45:58.748225 DTPv1, length 38
10:46:00.508760 STP 802.1d, Topology Change
10:46:02.508853 STP 802.1d, Topology Change
10:46:04.508826 STP 802.1d, Topology Change
Config V:
monitor session 1 source interface Fa0/20 - 21 rx
monitor session 1 destination interface Fa0/8
Output V (tcpdump -i eth1)
10:50:14.464530 STP 802.1d, Config, Flags [none], bridge-id 8000.00:00:0c:e3:48:b6.800c, length 43
10:50:14.473268 IP 172.16.2.154 > ospf-all.mcast.net: OSPFv2, LS-Update, length 60
10:50:14.481147 STP 802.1d, Config, Flags [none], bridge-id 8000.00:00:0c:cd:64:22.8008, length 43
10:50:14.484894 STP 802.1d, Config, Flags [none], bridge-id 8000.00:00:0c:e3:48:da.800b, length 43
10:50:14.491750 STP 802.1d, Config, Flags [none], bridge-id 8000.00:00:0c:cd:63:e5.8009, length 43
10:50:14.500191 STP 802.1d, Config, Flags [none], bridge-id 8000.00:00:0c:32:8c:52.800e, length 43
10:50:14.505504 IP 172.16.2.154 > ospf-all.mcast.net: OSPFv2, LS-Update, length 60
10:50:14.541735 IP 172.16.2.154 > ospf-all.mcast.net: OSPFv2, LS-Update, length 60
10:50:14.549495 IP 172.16.2.154 > ospf-all.mcast.net: OSPFv2, LS-Ack, length 1444
10:50:14.577783 IP 172.16.2.154 > ospf-all.mcast.net: OSPFv2, LS-Update, length 60
10:50:14.600906 STP 802.1d, Config, Flags [none], bridge-id 8000.00:00:0c:32:8c:4a.800d, length 43
10:50:14.613448 IP 172.16.2.154 > ospf-all.mcast.net: OSPFv2, LS-Update, length 60
10:50:14.649487 IP 172.16.2.154 > ospf-all.mcast.net: OSPFv2, LS-Update, length 60
10:50:14.684209 IP 172.16.1.198 > ospf-all.mcast.net: OSPFv2, Hello, length 60
10:50:14.685534 IP 172.16.2.154 > ospf-all.mcast.net: OSPFv2, LS-Update, length 60
10:50:14.704529 STP 802.1d, Config, Flags [none], bridge-id 8000.00:00:0c:04:62:cd.800e, length 43
10:50:14.706505 STP 802.1d, Config, Flags [none], bridge-id 8000.00:00:0c:04:62:d9.800f, length 43
I can't see hsot interactions. Why?
And How do you solve this problem?
You will not be able to tell if Firefox was used in private browsing mode. When in that mode Firefox does not store any details about web browsing.
One option you can use is to install a free parental control program such as K9 Web Protection - http://www1.k9webprotection.com/ - That program can be used to block access to sites based on categories that you choose. It will work with all browsers and does not matter if they are in private browsing mode or not.
Similar Messages
-
We cannot capture GPIB traffic using GPIB-USB-HS
We are trying to monitor a GPIB bus using the GPIB-USB-HS device. The version of MAX we have is v4.5 and the version of GPIB Analyze is v2.6. I have attached some screenshots that may aid in a resolution.
The first screenshot (GPIB Analyzer Error) shows the error that comes up when we start the GPIB Analyzer tool whether we have the GPIB-USB-HS plugged into the pc or not.
The second screenshot (Unknown GPIB+Card) shows that the Analyzer tool does not recognize the GPIB-USB-HS device and has disabled all of the controls/indicators.
The third screenshot (Instrument Not Found) shows that MAX indicates that it sees the GPIB-USB-HS device but has an error message in the bottom of the screen indicating that "Instruments not Found".
We are using NI Spy (version v2.6) to capture traffic and cannot see the traffic on a GPIB bus and are not sure what to do at this point. Please advise.
Thanks,
Steven
Attachments:
GPIB_Error.xls 109 KBThe first error really explains it well. The only supported cards for the GPIB Analyzer are the "+" series of cards. Obviously, you do not have one of those.
If an instrument is not found, then I would recomend that you try a different instrument and a different cable.
In the future, you would also want to post to the correct board. This does not have anything to do with the program called "Measure". -
How to monitor network traffic on an IP alias?
Does anybody happen to know how I can monitor the traffic on an IP alias on say igb0:1 using iftop or something similar? iftop (pcap, I guess is the issue here) doesn't seem to cope with IP aliases.
CheersAfter fiddling around a bit with this issue I decided that it was time to embrace dladm/ipadm a bit more and exchange these old-style virtual NICs with new ones. So I dumped the old igbx:y VNICs and created new ones by issuing:
dladm create-vnic -l igb0 vnic0
followed by:
ipadm create-ip; ipadm create-addr…
Now, I can monitor these new vnics using if top just fine. -
Problem with an application running Adobe Flex. tech people say they cannot monitor, track or catch the problem. Application shuts down and give the following erre:
Failure of server APACHE bridge:
No backend server available for connection: timed out after 10 seconds or idempotent set to OFF or method not idempotent.<moved from Downloading, Installing, Setting Up to Flex>
-
Encrypting vlan-trunk traffic between switches
Hi,
Can anyone guide me to some papers or other resources on how to encrypt traffic between 2 switches. The switchces will be connected with fiber and use dot-1q tagging. And I wan't to encrypt all of the trunked traffic.
I was thinking of L2TP, but I haven't found any good description on how to implement this. I have two 3750 switches I thought I might use.
Thanks for any input,
Regards,
Oyvind Mathiesen
mnemonic
NorwayHi,
Thanks for the response. I had a look at MACsec and it looks good. I would have liked to employ something P2P though, to also limit the ammount of MAC addresses broadcasted on the "wire". But let me first give you an understanding of the task:
We have two sites, connected via fibre and we want to create a VLAN trunk across and order to expand the broadcast domains to te other site.
The IDIOT carrier, has a limitation on the number of MAC addresses they allow on the fibre service, 100.
We also need to encrypt the datatraversing this connectivity.
MACsec wuold work 100% exept the source and dstination MAC addresses are still sent (at least according to https://docs.google.com/viewer?a=v&q=cache:LEf2qOmYZyYJ:www.ieee802.org/1/files/public/docs2011/bn-hutchison-macsec-sample-packets-0511.pdf+&hl=en&gl=za&pid=bl&srcid=ADGEESgmAHXpDOY0RBAE-Rv1HDpu_C_gkeSPN4cv6NGgyP0M1aXVu0UqzCfxo8t_P41ep6J37k4OLKnjfp1M9hoTDHxY22WGz2h7yB7YRLyPvRUbGS8TICzvEMlG92xqbhy6RWFugmnj&sig=AHIEtbTfu0LQIJejdYidE6yzq4lpPifxjQ
And that would cause me to eat into the 100 MAC limit.
Ridiculous I know, but we are looking for an out-of-the-norm plan...
Thanks -
Is there anyway to monitor network traffic on the newer Time Capsules, similar to the SNMP monitoring previously?
Can I use a real router and still have the Time Capsule for backups etc?
Yes, that is what Bridge Mode is for. Just connect the Time Capsule to a LAN <--> Ethernet port on your "main" router. -
SA540 - Monitor Web Traffic (How to)?
Just as the title reads, I'm looking for a way to monitor what traffic is going through my SA540. Looking for what websites are being accessed.
Not sure how to do this. Can anyone assist?
Thanks in advance!I looked into OPENDNS several months ago and seems like it was kinda expensive for commercial usage. It wasn't an option.
I was looking at the Status/Reports section of my 540 and it sounds like it gives the top 10 websites visited. Does this sound correct?
Of course Content Filtering must be turned on. I assume turning on Content Filtering does nothing until allowed or blocked URL data is present?
k -
I'm using a solution to monitor the traffic passing through the interface
SWCORE connecting with my router.
The Linux machine (sniff) has two interfaces (eth0 and eth1)
Etho (manages the machine) connected to the interface to another interface g1/18
(Sniff) connected in g1/27.
Add the following command:
monitor session 2 source interface Gi1/48
monitor session 2 destination interface Gi1/27
But I don't capture nothing.
I show monitor out following:
Session 2
Type : Local Session
Source Ports :
Both : Gi1/48
Destination Ports : Gi1/27
Encapsulation : Native
Ingress : Disabled
Learning : Disabled
Do what doing wrong? Help me??try this "monitor session 2 source interface Gi1/48 ?"
Doesn't if show an option to span ingoing, outgoing or both traffic directions?
I think you need both
Do you see traffic on the spanport Gi1/27 if you do a "show interface Gi1/27" ?
The counters should go up
The interface Eth0 should be in promiscuous mode to capture the traffic other then for its own mac address or broad/multicast
Cheers,
Michel -
I moved from 2500 series routers to a switched network using a Catalyst 3750 and 3560 switches over the course of the last year. In my routed network I used MRTG to monitor traffic on my interfaces. In my switched network environment I have not been able to find a free or low cost tool that will monitor VLAN traffic. Any suggestions?
I have the same problem and found these links that provided answers:
http://forums.cacti.net/about29656.html&highlight=
http://www.experts-exchange.com/Hardware/Networking_Hardware/Switches/Q_23738165.html
Vlans on 3560s, 3750s and 3550s do not show stats. The packets are forwarded with the ASIC chips and do not cross the CPU for actual processing. To actually see the traffic you will need to turn off CEF, which decrases the performance significantly (not recommended, see links above). -
Anyone know of an area where information on monitoring VNC traffic would be?
I have been asked to monitor VNC traffic and the baseline signature I have loaded
on devices seems a little lacking in scope....
Anyone else looking at this traffic on their network and can give some insight?
I didn't get alot of hits in the knowledge base when looking for VNC traffic so any
inforation can help.
Thanks...I think mainly to see who is actually using or attempting to use VNC products...
Might be as simple as monitoring a port; this will help us track down any unauthorized
attempts at using VNC products...I just want to see what options I have. -
Monitor the traffic/bandwidth of local computers ?
Hi everyone,
What is the software/script to monitor the traffic/bandwidth of the local users ?
I'm currently has Xserve as like a DHCP/gateway, and there are about 20 computers connects through Xserve. I'd like to monitor the local computers to see their bandwidth but not sure what script/software need to be installed on Xserve. All my local computers have ip 10.10.x.x.
I installed darkstat but it doesn't show me the specific ip address that taking how much bandwidth (like download/upload speed..).
ThanksTake a look at Intermapper <http://dartware.com/>, Lithium <http://lithiumcorp.com/> and Zenoss <http://www.zenoss.com/>. They should be able to do what you want. Hope that helps.
- Barrett -
Generate and Monitor Interconnect traffic
Guys
Does anyone has scripts to generate and monitor interconnect traffic? I am trying to test my interconnect on 4 node RAC (10gR2)
Any help?
Thanks in advance
PGSee if this helps....we use the below script to monitor the interconnect traffic.
select b1.inst_id,
b2.value "GCS CR BLOCKS RECEIVED",
b1.value "GCS CR BLOCK RECEIVE TIME",
((b1.value / b2.value) * 10) "AVG CR BLOCK RECEIVE TIME (ms)"
from gv$sysstat b1,
gv$sysstat b2
where b1.name = 'global cache cr block receive time' and
b2.name = 'global cache cr blocks received' and
b1.inst_id = b2.inst_id -
Hi- Is the hit counter button the only way to monitor visitor traffic? Is there a way to see who is visiting my site? Thanks for your time.
I use stat counter, it IS safe and there ISN'T anything on a Mac so there is the need of 3rd party software. Another is Google Anayltics, but that's more complicated. You can use iTweak to easily apply your statcounter code, too
-
Can I monitor JMS traffic (not the contents) for MDBs?
WL 9.2.2 on AIX 5.3.
I have an EAR deployed to our domains that a third-party vendor developed. It has MDBs that are configured to be persistent. Messages appearing on the queue are read quickly and sent elsewhere. I thought that I should be able to go to the Monitoring page of the JMS queue and see some information about traffic, even though I can't see the actual messages. When I go to the Monitoring tab for the queue, the list is always empty, even though I'm pretty sure messages are being processed through the queue.
An engineer from the vendor said that "So all the messages that were sent and acknowledged are never persisted in the filestore and hence you cannot view those messages from the weblogic console". I certainly believe him that I wouldn't be able to view the contents of messages after they are removed from the store, but I would assume that the traffic history is still kept.
Am I misunderstanding what I should be able to see here?You can see certain attributes something like "Messages High" and "Consumers Current", "Consumers High", but no copies of messages would be kept. If consumers are active and always reading off messages as they come in, then "Messages High" will likely not even increment. If you want to see the messages you could pause consumption of the queue, which should not block production of messages. Then you should be able to see messages start "queueing up" until you unpause comsumption.
-
Cisco ASA 5505 Cannot ping local traffic and local hosts cannot get out
I have, what I believe to be, a simple issue - I must be missing something.
Site to Site VPN with Cisco ASA's. VPN is up, and remote hosts can ping the inside int of ASA (10.51.253.209).
There is a PC (10.51.253.210) plugged into e0/1.
I know the PC is configured correctly with Windows firewall tuned off.
The PC cannot get to the ouside world, and the ASA cannot ping 10.51.253.210.
I have seen this before, and I deleted VLAN 1, recreated it, and I could ping the local host without issue.
Basically, the VPN is up and running but PC 10.51.253.210 cannot get out.
Any ideas? Sanitized Config is below. Thanks !
ASA Version 7.2(4)
hostname *****
domain-name *****
enable password N7FecZuSHJlVZC2P encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Vlan1
nameif Inside
security-level 100
ip address 10.51.253.209 255.255.255.248
interface Vlan2
nameif Outside
security-level 0
ip address ***** 255.255.255.248
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
shutdown
interface Ethernet0/3
shutdown
interface Ethernet0/4
shutdown
interface Ethernet0/5
shutdown
interface Ethernet0/6
shutdown
interface Ethernet0/7
shutdown
ftp mode passive
dns server-group DefaultDNS
domain-name *****
access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 10.1.7.0 255.255.255.0
access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 host 10.1.10.250
access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 host 10.1.3.200
access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 host 10.1.3.9
access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 host 10.10.10.14
access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 host 10.10.10.15
access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 host 10.10.10.16
access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 10.1.9.0 255.255.255.0
access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 10.10.9.0 255.255.255.0
access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 ***** 255.255.255.240
access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 10.1.7.0 255.255.255.0
access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 host 10.1.10.250
access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 host 10.1.3.200
access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 host 10.1.3.9
access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 host 10.10.10.14
access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 host 10.10.10.15
access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 host 10.10.10.16
access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 10.1.9.0 255.255.255.0
access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 10.10.9.0 255.255.255.0
access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 ***** 255.255.255.240
pager lines 24
mtu Outside 1500
mtu Inside
icmp unreachable rate-limit 1 burst-size 1
icmp permit any Outside
no asdm history enable
arp timeout 14400
global (Outside) 1 interface
nat (Inside) 0 access-list No_NAT
route Outside 0.0.0.0 0.0.0.0 ***** 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
aaa authentication enable console LOCAL
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
http server enable
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set DPS_Set esp-3des esp-md5-hmac
crypto map DPS_Map 10 match address Outside_VPN
crypto map DPS_Map 10 set peer *****
crypto map DPS_Map 10 set transform-set *****
crypto map DPS_Map interface Outside
crypto isakmp enable Outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 28800
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 Outside
ssh timeout 60
console timeout 0
management-access Inside
username test password P4ttSyrm33SV8TYp encrypted
tunnel-group ***** type ipsec-l2l
tunnel-group ***** ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
Cryptochecksum:8d0adca63eab6c6c738cc4ab432f609d
: end
1500Hi Martin,
Which way you are trying. Sending traffic via site to site is not working or traffic which you generate to outside world is not working?
But you say ASA connected interface to PC itself is not pinging that is strange. But try setting up the specific rules for the outgoing connection and check. Instead of not having any ACL.
If it is outside world the you may need to check on the NAT rules which is not correct.
If it is site to site then you may need to check few other things.
Please do rate for the helpful posts.
By
Karthik
Maybe you are looking for
-
In my SOAP to Proxy scenario I have a proxy that will return "true" or "false" depending on the logic in my method. When I execute the proxy it returns the false value for cases that are false in SAP. The scenario does not return the "true" value w
-
Hi In routing if I maintain controlkey with external operation, I have to enter the info record details. (I have to create info record without ref to material, the pur req/Pur ord created will be account assigned). When ever I create an order the sys
-
"Backup failed" using Time Capsule
Hello, trying to back up a Macbook using Time Capsule, keep getting the message that backup failed, even when I attach with MB to TB with an Ethernet cable. Anyone have any idea where I could begin to start looking for a solution?
-
Can JOptionPane produce an editable JComboBox?
Can I use JOptionPane for an input dialog component with a data input area represented by an editable JComboBox ? For example : JOptionPane.showInputDialog( parent, � How Much?�, �This is the title�, JOptionPane.QUESTION_MESSAGE, null, new Object[] {
-
Users changing 'open with:' not working/permanent
We have an issue with 'open with:' (within get info options) not permanently remembering any changes. We have Lion Server set up as OD and when users login any PDF or EPS files are set to open using Preview, users then change this via 'get info' to '