Using switch port mirroring to capture traffic and analyze protocols

Source: Internet
Author: User

The following is a document I put together when I had just started out in the IDC field, three years ago .... I did not think it was written well at the time, but I am posting it anyway; if I have misunderstood something or something is unclear, we can discuss it. For traffic there are now more comprehensive monitoring platforms. For real-time capture of switch port traffic, SolarWinds is definitely the first choice. For some ARP problems, or when you want to analyze protocols, you still need to rely on packet capture software.

For some of the switches our company works with, I will briefly introduce how to set up port mirroring and capture traffic with the help of software. The following are some of the switch brands in the IDC room:

D-Link 3226s

D-Link 3226s and DES-3026

Log in to the switch main configuration menu --- select Advanced Setup --- Mirroring Configurations --- set the Mirror Status option to Enabled, then set the Target Port option to Port24, which is the mirror port, and set the listening mode of Port1 to Both (that is, sent and received data are monitored at the same time). The switch then makes a copy of all data passing through port 1 (which in effect covers ports 2 to 23, because the traffic of ports 2-23 all flows through port 1), and we monitor on port 24, where a sniffer or other packet capture software has something to work with.




A. Web login

Log in to the switch interface --- Port Management --- Port Mirroring

Set the mirror port to 24 and select port 1 as the mirrored port; leave the other settings alone.

Suppose the machine room has a gigabit H3C-S5024P, with ports 1-4 connected to four 100-megabit switches. Set ports 1-4 directly as the mirrored ports. This lets you see on the sniffer which server's traffic is running high. Take the switch on port 4, for example: if the customer happens not to have set an IP on it, or the switch does not support network management, you cannot capture packets on it. So we set ports 1-4 as the mirrored ports, monitor with the sniffer, and see which traffic is running high.

Once you know the host's IP you can find its MAC address. With dis mac-address 0046-e68c-7c2f you can find out which port that MAC address is coming from. Then, after entering the port, enter mac-address blackhole 0046-e68c-7c2f vlan 1 to restrict this MAC from communicating on this port. To cancel it, enter undo mac-address blackhole 0046-e68c-7c2f vlan 1.

If you know which cabinet has the problem and want a clearer analysis, just make that port the mirrored port. OK.
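As an added example (not part of the original article), the Python sketch below does the "see which traffic runs high" step on a capture saved at the mirror port: it sums on-wire bytes per source MAC and IPv4 address from a classic pcap file and writes each MAC in the xxxx-xxxx-xxxx form that the dis mac-address command above takes. The sample capture, the second MAC and the IP addresses are constructed for illustration.

```python
import struct
from collections import Counter

def h3c_mac(raw: bytes) -> str:
    """Format 6 raw bytes as the switch CLI writes a MAC: xxxx-xxxx-xxxx."""
    h = raw.hex()
    return "-".join(h[i:i + 4] for i in range(0, 12, 4))

def top_talkers(pcap: bytes):
    """Sum on-wire bytes per (source MAC, source IPv4) in a classic pcap, busiest first."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    totals, off = Counter(), 24  # records start after the 24-byte global header
    while off + 16 <= len(pcap):
        _, _, incl, orig = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 14:
            continue  # record too short for an Ethernet header
        ethertype, l3 = struct.unpack("!H", frame[12:14])[0], 14
        if ethertype == 0x8100 and len(frame) >= 18:  # skip one 802.1Q VLAN tag
            ethertype, l3 = struct.unpack("!H", frame[16:18])[0], 18
        if ethertype != 0x0800 or len(frame) < l3 + 20:
            continue  # only IPv4 is tallied in this example
        src_ip = ".".join(str(b) for b in frame[l3 + 12:l3 + 16])
        totals[(h3c_mac(frame[6:12]), src_ip)] += orig
    return totals.most_common()

def make_frame(src_mac: str, src_ip: str, payload_len: int) -> bytes:
    """Build one constructed Ethernet/IPv4 frame for the sample capture."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, 17, 0,
                     bytes(map(int, src_ip.split("."))), bytes([192, 0, 2, 1]))
    return b"\xff" * 6 + bytes.fromhex(src_mac) + b"\x08\x00" + ip + bytes(payload_len)

def make_pcap(frames) -> bytes:
    """Wrap frames in a little-endian classic pcap container (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return out + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

# Constructed sample: one busy host (MAC from the text above) and one quiet host.
SAMPLE = make_pcap([make_frame("0046e68c7c2f", "10.0.0.5", 1400)] * 3
                   + [make_frame("00aabbccddee", "10.0.0.9", 60)])

if __name__ == "__main__":
    for (mac, ip), n in top_talkers(SAMPLE):
        print(f"{mac}  {ip:<15} {n} bytes")
```

To use it on a real capture, pass the bytes of a file saved in classic pcap format (not pcapng) to top_talkers.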
