Monitor Switchport (Packet Capturing)


wildweaselmi
To span a port you need to use the monitor session commands.



EXAMPLE:


ISSUE#1 RPC errors on some users


ISSUE#2 East Coast having issues connecting in the early morning



STEP 1 (PERFORMED BY NETWORK ADMIN)


Have network engineer identify what ports in the switch the four devices are plugged into


10.10.10.1 (CSS) example Gi3/37


10.10.10.12 (plgmr1a1) example Gi7/28


10.10.10.13 (plgmr1a1) example Gi7/29


10.10.10.14 (plgmr1a2) example Gi7/43


10.10.10.15 (plgmr1a2) example Gi7/44


10.10.10.16 (plgmr1a3) example Gi7/46


10.10.10.17 (plgmr1a3) example Gi7/48



STEP 2 (PERFORMED BY NETWORK ADMIN)


Have the private network (10.10.10.xx) from the CSS to the servers spanned to a port for monitoring (the example below uses the above sample ports and assumes the sniffer expert is plugging their laptop into port Gi4/1)


(config)#monitor session 1 source int Gi3/37 , Gi7/28 - 29 , Gi7/43 - 44 , Gi7/46 , Gi7/48 both


(config)#monitor session 1 dest int Gi4/1



STEP 3 (PERFORMED BY SNIFFER EXPERT)


** If STEP 2 is not performed then create the following capture RULE, otherwise skip to STEP 4


10.10.10.1 <--> 10.10.10.12


10.10.10.1 <--> 10.10.10.13


10.10.10.1 <--> 10.10.10.14


10.10.10.1 <--> 10.10.10.15


10.10.10.1 <--> 10.10.10.16


10.10.10.1 <--> 10.10.10.17



STEP 4 (PERFORMED BY SNIFFER EXPERT)


Add to the capture rule:


TCP communication for all traffic over port 39999



STEP 5 (PERFORMED BY SNIFFER EXPERT)


Customize the Sniffer Capture files settings:


Find out how much space is available on your hard drive (example: 1GB)


Set up sniffer capture files to a size of 10MB


Set up maximum files 10/1000 = 100 files


Set up overwrite oldest file when full



STEP 6 (PERFORMED BY SNIFFER EXPERT)


Establish contact with requester for start time, stop time and destination for capture logs



STEP 7 (PERFORMED BY APPLICATION TECH.)


Notify a contact at all Debt Manager Branches that they need to notify you when:


1.) Logon issues occur in the morning


2.) RPC errors happen


Once contacted by customer, capture


1.) When did incident occur


2.) What is the IP address of machine with issue


3.) Is it issue #1(RPC errors) or issue #2(logon issues)


Notify Sniffer expert to


1.) Stop captures


2.) Copy existing data to predetermined destination for time frame under folder labeled DMRPC or DMLOGON


3.) Resume capturing data



STEP 8 (PERFORMED BY APPLICATION TECH.)


Send captured data (once completely uploaded) to necessary technicians with user information (IP address and when the issue occurred and what issue was captured)


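Added example, not part of the original post: the capture rule from STEP 3 and STEP 4 and the ring-buffer sizing from STEP 5, expressed as a BPF filter and a Wireshark `dumpcap` command line in place of the Sniffer product the post uses. It assumes STEP 4 narrows the rule (pairs AND TCP port 39999); the interface name `eth0` and the file name `dm.pcapng` are placeholders.

```shell
#!/bin/sh
# Addresses, port and sizes are the post's sample values.
CSS=10.10.10.1
SERVERS="10.10.10.12 10.10.10.13 10.10.10.14 10.10.10.15 10.10.10.16 10.10.10.17"
PORT=39999

# STEP 3 + STEP 4: CSS <--> each server, limited to the TCP port.
# Mode "spanned" means STEP 2 was done, so the pair rule is skipped.
build_filter() {
    mode=$1
    if [ "$mode" = "spanned" ]; then
        printf 'tcp port %s\n' "$PORT"
        return
    fi
    peers=""
    for s in $SERVERS; do
        peers="${peers:+$peers or }host $s"
    done
    printf 'host %s and (%s) and tcp port %s\n' "$CSS" "$peers" "$PORT"
}

# STEP 5: how many ring files fit in the disk budget (both values in MB).
ring_files() {
    budget_mb=$1; file_mb=$2
    if [ "$file_mb" -le 0 ] || [ "$budget_mb" -lt "$file_mb" ]; then
        echo "budget must hold at least one capture file" >&2
        return 1
    fi
    echo $(( budget_mb / file_mb ))
}

# Assemble the dumpcap command: -b filesize is in kB, and -b files makes a
# ring buffer that overwrites the oldest file once the count is reached.
capture_cmd() {
    iface=$1; mode=$2; budget_mb=$3; file_mb=$4
    n=$(ring_files "$budget_mb" "$file_mb") || return 1
    printf "dumpcap -i %s -f '%s' -b filesize:%s -b files:%s -w dm.pcapng\n" \
        "$iface" "$(build_filter "$mode")" "$(( file_mb * 1000 ))" "$n"
}

# 1GB of free disk, 10MB files, no SPAN session: prints the command to run.
capture_cmd eth0 pairs 1000 10
```

The script only prints the command so the filter and file count can be checked before the capture is started.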