Monitoring interface traffic

I'm using a solution to monitor the traffic passing through the interface
SWCORE connecting with my router.
The Linux machine (sniff) has two interfaces (eth0 and eth1)
Etho (manages the machine) connected to the interface to another interface g1/18
(Sniff) connected in g1/27.
Add the following command:
monitor session 2 source interface Gi1/48
monitor session 2 destination interface Gi1/27
But I don't capture nothing.
I show monitor out following:
Session 2
Type : Local Session
Source Ports :
Both : Gi1/48
Destination Ports : Gi1/27
Encapsulation : Native
Ingress : Disabled
Learning : Disabled
Do what doing wrong? Help me??

try this  "monitor session 2 source interface Gi1/48 ?"
Doesn't if show an option to span ingoing, outgoing or both traffic directions?
I think you need both
Do you see traffic on the spanport Gi1/27 if you do a  "show interface Gi1/27"  ?
The counters should go up
The interface Eth0 should be in promiscuous mode to capture the traffic other then for its own mac address or broad/multicast
Cheers,
Michel

Similar Messages

  • Monitoring tunnel interface traffic

    We've integrated WLSM with IDSM-2 and want to monitor wireless traffic terminating on tunnel interfaces. Can't find a way to configure SPAN or VACL on IOS 6500 to capture traffic. Any suggestions?

    Try this:
    http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a0080459221.html

  • Monitoring VLAN traffic

    I moved from 2500 series routers to a switched network using a Catalyst 3750 and 3560 switches over the course of the last year. In my routed network I used MRTG to monitor traffic on my interfaces. In my switched network environment I have not been able to find a free or low cost tool that will monitor VLAN traffic. Any suggestions?

    I have the same problem and found these links that provided answers:
    http://forums.cacti.net/about29656.html&highlight=
    http://www.experts-exchange.com/Hardware/Networking_Hardware/Switches/Q_23738165.html
    Vlans on 3560s, 3750s and 3550s do not show stats.  The packets are forwarded with the ASIC chips and do not cross the CPU for actual processing.  To actually see the traffic you will need to turn off CEF, which decrases the performance significantly (not recommended, see links above).

  • How to monitor network traffic on an IP alias?

    Does anybody happen to know how I can monitor the traffic on an IP alias on say igb0:1 using iftop or something similar? iftop (pcap, I guess is the issue here) doesn't seem to cope with IP aliases.
    Cheers

    After fiddling around a bit with this issue I decided that it was time to embrace dladm/ipadm a bit more and exchange these old-style virtual NICs with new ones. So I dumped the old igbx:y VNICs and created new ones by issuing:
    dladm create-vnic -l igb0 vnic0
    followed by:
    ipadm create-ip; ipadm create-addr…
    Now, I can monitor these new vnics using if top just fine.

  • Monitor-interface command

    Dear all,
    I am configuring an ASA5520, it is working in multi context mode.
    I have try to configure the monitor-interface for a subinterface called Inside_shared, i receive an error on the interface name.
    This subinterface is a shared interface.
    I am within the context.
    Why i can't do that?
    Best regards,
    Igor.

    Hi Santi,
    No You dont have to put the reflector port in any vlan. Just assign any port as a reflector port and it will not longer be a part of any vlan.
    http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225see/scg/swspan.htm#wp1401252
    HTH,
    -amit singh

  • Monitoring Interfaces /Integration Scenario's

    Hi,
    I got a task of Monitoring integration scenario's.
    What are the other option available except: Data at Receiving application, RWB, Integration Engine and J2EE logs
      to monitor interfaces.
    How to do Error Handling in the case of file2file scenario?.

    Hi,
    There are some good documents available in SDN for XI monitoring, check the following links:
    http://help.sap.com/saphelp_nw70/helpdata/EN/06/5d1741b393f26fe10000000a1550b0/frameset.htm
    https://www.sdn.sap.com/irj/scn/advancedsearch?query=ximonitoirngguide
    /people/michal.krawczyk2/blog/2005/09/07/xi-why-dont-start-searching-for-all-errors-from-one-place
    For J2EE monitoring :
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/e63ad672-0801-0010-c5b2-ea75cfffb423
    http://help.sap.com/saphelp_nw04/helpdata/en/39/83682615cd4f8197d0612529f2165f/content.htm
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/fc03a2a2-0a01-0010-b497-87518550e132
    http://help.sap.com/saphelp_nw04/helpdata/en/c3/6fff40e39ba854e10000000a1550b0/frameset.htm
    For file 2 file error handlimg, as mentioned above, you can set up CCMS Alerts:
    /people/sap.user72/blog/2005/11/24/xi-configuring-ccms-monitoring-for-xi-part-i
    /people/sap.user72/blog/2005/12/05/xi-grmg-customizing-for-xi-ccms-heartbeat-monitoring-part-ii 
    Also, a good blog talking about the main XI Production error:
    /people/prashanth.azharuddin/blog/2006/11/24/some-errors-in-an-xi-production-environment
    Rgds,
    Puneet
    Edited by: Puneet Singhal on Aug 19, 2009 8:25 AM

  • Is there anyway to monitor network traffic on the newer Time Capsules, similar to the SNMP monitoring previously?

    Is there anyway to monitor network traffic on the newer Time Capsules, similar to the SNMP monitoring previously?

    Can I use a real router and still have the Time Capsule for backups etc?
    Yes, that is what Bridge Mode is for.  Just connect the Time Capsule to a LAN <--> Ethernet port on your "main" router.

  • SA540 - Monitor Web Traffic (How to)?

    Just as the title reads, I'm looking for a way to monitor what traffic is going through my SA540.  Looking for what websites are being accessed.
    Not sure how to do this.  Can anyone assist?
    Thanks in advance!

    I looked into OPENDNS several months ago and seems like it was kinda expensive for commercial usage.  It wasn't an option.
    I was looking at the Status/Reports section of my 540 and it sounds like it gives the top 10 websites visited.  Does this sound correct?
    Of course Content Filtering must be turned on.  I assume turning on Content Filtering does nothing until allowed or blocked URL data is present?
    k

  • Monitoring VNC traffic

    Anyone know of an area where information on monitoring VNC traffic would be?
    I have been asked to monitor VNC traffic and the baseline signature I have loaded
    on devices seems a little lacking in scope....
    Anyone else looking at this traffic on their network and can give some insight?
    I didn't get alot of hits in the knowledge base when looking for VNC traffic so any
    inforation can help.
    Thanks...

    I think mainly to see who is actually using or attempting to use VNC products...
    Might be as simple as monitoring a port; this will help us track down any unauthorized
    attempts at using VNC products...I just want to see what options I have.

  • Monitor the traffic/bandwidth of local computers ?

    Hi everyone,
    What is the software/script to monitor the traffic/bandwidth of the local users ?
    I'm currently has Xserve as like a DHCP/gateway, and there are about 20 computers connects through Xserve. I'd like to monitor the local computers to see their bandwidth but not sure what script/software need to be installed on Xserve. All my local computers have ip 10.10.x.x.
    I installed darkstat but it doesn't show me the specific ip address that taking how much bandwidth (like download/upload speed..).
    Thanks

    Take a look at Intermapper <http://dartware.com/>, Lithium <http://lithiumcorp.com/> and Zenoss <http://www.zenoss.com/>. They should be able to do what you want. Hope that helps.
    - Barrett

  • Generate and Monitor Interconnect traffic

    Guys
    Does anyone has scripts to generate and monitor interconnect traffic? I am trying to test my interconnect on 4 node RAC (10gR2)
    Any help?
    Thanks in advance
    PG

    See if this helps....we use the below script to monitor the interconnect traffic.
    select b1.inst_id,
    b2.value "GCS CR BLOCKS RECEIVED",
    b1.value "GCS CR BLOCK RECEIVE TIME",
    ((b1.value / b2.value) * 10) "AVG CR BLOCK RECEIVE TIME (ms)"
    from gv$sysstat b1,
    gv$sysstat b2
    where b1.name = 'global cache cr block receive time' and
    b2.name = 'global cache cr blocks received' and
    b1.inst_id = b2.inst_id

  • Monitor visitor traffic

    Hi- Is the hit counter button the only way to monitor visitor traffic? Is there a way to see who is visiting my site? Thanks for your time.

    I use stat counter, it IS safe and there ISN'T anything on a Mac so there is the need of 3rd party software. Another is Google Anayltics, but that's more complicated. You can use iTweak to easily apply your statcounter code, too

  • How to monitor the traffic on network interface card NIC

    hello friends
    i m dong a network based project
    in that i need to calculate the incoming
    and outgoing traffic on network interface
    Can anyone help me regarding this...
    any API that i van use, i know abt JPCAP
    but unable to use that in this repect...
    Thanks in Advance

    sorry for any mistake....
    i m new to java
    Actually using JPCAP we can capture the packets
    and process them..may save to file or some thing like that
    but how to know the current incoming and outgoing traffic...on NIC
    and also how much it is capable of...
    can u tell me any good tutorial
    i really need to do that
    thanks for concern

  • Control and monitoring of traffic lights

    i am a student and new to graphical programming.i am using labview 6.1 to monitor and control a system of traffic lights from a central location.my problem is geting the lights to go on and off.

    You asked the same question here and the answer is still the same. Provide some details on what exactly you're attempting to do and what specifically is the problem. That means details on what kind of hardware you're using to interface to the lights, any error codes being generated, etc. Posting your program would help as well.

  • I cannot monitor trunk traffic

    I have two trunk port  over Metroethernet contains several VLAN. And  Cisco 3550 is meeting point for 2 trunk. I wanna monitor those trunk (far sites) traffic.
    I try several SPAN on cisco 3550 switch but i didn’t get  a source-destination traffic .
    Here is my configs and output. And you can see my topology in attachement:
    Config I:
    monitor session 1 source vlan 1 - 4094 rx
    monitor session 1 destination interface Fa0/8
    Output 1 (tcpdump -i eth1)
    10:28:49.398386 STP 802.1d, Config, Flags [none], bridge-id 8000.00:00:0c:69:48:6a.800a, length 43
    10:28:49.403695 IP 172.16.2.154 > ospf-all.mcast.net: OSPFv2, LS-Update, length 60
    10:28:49.423092 STP 802.1d, Config, Flags [none], bridge-id 8000.00:00:0c:b2:73:c0.800c, length 43
    10:28:49.435660 IP 172.16.2.154 > ospf-all.mcast.net: OSPFv2, LS-Update, length 60
    10:28:49.467041 IP 172.16.2.154 > ospf-all.mcast.net: OSPFv2, LS-Update, length 60
    10:28:49.503562 IP 172.16.2.154 > ospf-all.mcast.net: OSPFv2, LS-Update, length 60
    10:28:49.511120 IP 172.16.1.46 > ospf-all.mcast.net: OSPFv2, Hello, length 60
    10:28:49.512063 IP 172.16.2.46 > ospf-all.mcast.net: OSPFv2, Hello, length 60
    Config II:
    monitor session 1 source vlan 1 - 4094 rx
    monitor session 1 destination interface Fa0/8 encapsulation dot1q
    Output II (tcpdump -i eth1)
    tcpdump: WARNING: eth1: no IPv4 address assigned
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
    Config III:monitor session 1 source interface Fa0/20
    monitor session 1 destination interface Fa0/8
    Output III (tcpdump -i eth1)
    10:43:59.148118 IP 172.16.2.154 > ospf-all.mcast.net: OSPFv2, LS-Update, length 60
    10:43:59.160031 STP 802.1d, Config, Flags [none], bridge-id 8000.00:00:0c:07:5d:ff.8008, length 43
    10:43:59.181057 STP 802.1d, Config, Flags [none], bridge-id 8000.00:00:0c:07:5e:3b.8009, length 43
    10:43:59.183669 IP 172.16.2.154 > ospf-all.mcast.net: OSPFv2, LS-Update, length 60
    10:43:59.188202 IP 172.16.1.114 > ospf-all.mcast.net: OSPFv2, Hello, length 56
    10:43:59.219978 IP 172.16.2.154 > ospf-all.mcast.net: OSPFv2, LS-Update, length 60
    10:43:59.251886 IP 172.16.2.154 > ospf-all.mcast.net: OSPFv2, LS-Ack, length 1444
    10:43:59.255620 IP 172.16.2.154 > ospf-all.mcast.net: OSPFv2, LS-Update, length 60
    10:43:59.258862 IP 172.16.1.181 > ospf-all.mcast.net: OSPFv2, LS-Ack, length 64
    10:43:59.264209 STP 802.1d, Config, Flags [none], bridge-id 8000.00:00:0c:f3:63:75.800e, length 43
    10:43:59.267031 IP 172.16.1.185 > ospf-all.mcast.net: OSPFv2, LS-Ack, length 84
    10:43:59.285143 STP 802.1d, Config, Flags [none], bridge-id 8000.00:00:0c:3a:65:4a.800e, length 43
    10:43:59.290841 IP 172.16.2.182 > ospf-all.mcast.net: OSPFv2, LS-Ack, length 84
    Config IV:
    monitor session 1 source interface Fa0/20
    monitor session 1 destination interface Fa0/8 encapsulation dot1q
    Output IV (tcpdump -i eth1)
    10:45:54.508798 STP 802.1d, Topology Change
    10:45:56.508461 STP 802.1d, Topology Change
    10:45:58.508160 STP 802.1d, Topology Change
    10:45:58.748225 DTPv1, length 38
    10:46:00.508760 STP 802.1d, Topology Change
    10:46:02.508853 STP 802.1d, Topology Change
    10:46:04.508826 STP 802.1d, Topology Change
    Config V:
    monitor session 1 source interface Fa0/20 - 21 rx
    monitor session 1 destination interface Fa0/8
    Output V (tcpdump -i eth1)
    10:50:14.464530 STP 802.1d, Config, Flags [none], bridge-id 8000.00:00:0c:e3:48:b6.800c, length 43
    10:50:14.473268 IP 172.16.2.154 > ospf-all.mcast.net: OSPFv2, LS-Update, length 60
    10:50:14.481147 STP 802.1d, Config, Flags [none], bridge-id 8000.00:00:0c:cd:64:22.8008, length 43
    10:50:14.484894 STP 802.1d, Config, Flags [none], bridge-id 8000.00:00:0c:e3:48:da.800b, length 43
    10:50:14.491750 STP 802.1d, Config, Flags [none], bridge-id 8000.00:00:0c:cd:63:e5.8009, length 43
    10:50:14.500191 STP 802.1d, Config, Flags [none], bridge-id 8000.00:00:0c:32:8c:52.800e, length 43
    10:50:14.505504 IP 172.16.2.154 > ospf-all.mcast.net: OSPFv2, LS-Update, length 60
    10:50:14.541735 IP 172.16.2.154 > ospf-all.mcast.net: OSPFv2, LS-Update, length 60
    10:50:14.549495 IP 172.16.2.154 > ospf-all.mcast.net: OSPFv2, LS-Ack, length 1444
    10:50:14.577783 IP 172.16.2.154 > ospf-all.mcast.net: OSPFv2, LS-Update, length 60
    10:50:14.600906 STP 802.1d, Config, Flags [none], bridge-id 8000.00:00:0c:32:8c:4a.800d, length 43
    10:50:14.613448 IP 172.16.2.154 > ospf-all.mcast.net: OSPFv2, LS-Update, length 60
    10:50:14.649487 IP 172.16.2.154 > ospf-all.mcast.net: OSPFv2, LS-Update, length 60
    10:50:14.684209 IP 172.16.1.198 > ospf-all.mcast.net: OSPFv2, Hello, length 60
    10:50:14.685534 IP 172.16.2.154 > ospf-all.mcast.net: OSPFv2, LS-Update, length 60
    10:50:14.704529 STP 802.1d, Config, Flags [none], bridge-id 8000.00:00:0c:04:62:cd.800e, length 43
    10:50:14.706505 STP 802.1d, Config, Flags [none], bridge-id 8000.00:00:0c:04:62:d9.800f, length 43
    I can't see hsot interactions. Why?
    And How do you solve this problem?

    You will not be able to tell if Firefox was used in private browsing mode. When in that mode Firefox does not store any details about web browsing.
    One option you can use is to install a free parental control program such as K9 Web Protection - http://www1.k9webprotection.com/ - That program can be used to block access to sites based on categories that you choose. It will work with all browsers and does not matter if they are in private browsing mode or not.

Maybe you are looking for