Port Spanning

To configure a Cisco switch for port spanning, aka mirroring, log into the switch via a serial, telnet, or SSH connection. Then enter privileged mode by entering the enable command. Provide the enable secret when prompted for "password". Once you are in privileged mode, you can enter configuration mode by entering the config terminal command. 

My_Switch>enable
Password:
My_Switch#config terminal
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line.  End with CNTL/Z.
My_Switch(config)#

Let's say I want to view all traffic to/from a system connected to port 16 on my switch. I want to view the traffic using a system connected to port 10. So, I mirror the traffic to/from port 16 to port 10 with the following commands: 

My_Switch(config)#monitor session 1 source interface Fa0/16 both
My_Switch(config)#monitor session 1 destination interface Fa0/10
My_Switch(config)#

Then on a system connected to port 10, I can monitor network traffic using a utility, such as snoop, tcpdump, WinDump Wireshark, or some other packet sniffer utility.

You can see which ports are being mirrored using the show monitor command. 

My_Switch>show monitor
Session 1
---------
Type              : Local Session
Source Ports      :
    Both          : Fa0/16
Destination Ports : Fa0/10
    Encapsulation : Native
          Ingress: Disabled

You can add additional source ports for monitoring, if you wish.

My_Switch(config)#monitor session 1 source interface Fa0/18 both
My_Switch(config)#exit
My_Switch#show monitor
Session 1
---------
Type              : Local Session
Source Ports      :
    Both          : Fa0/16,Fa0/18
Destination Ports : Fa0/10
    Encapsulation : Native
          Ingress: Disabled

References:

  1. Port Sniffing Port Mirroring with SPAN
    Date: May 8, 2008
    Who's Your ITDaddy? - CCNA Blog!

Valid HTML 4.01 Transitional