The following is a collation of documents from when I had just started dabbling in the IDC circle; three years have passed .... I didn't think it was a good time to write it up, but I am posting it anyway. If I have understood something wrongly or something is unclear, we can discuss it. For traffic, there are now more comprehensive monitoring platforms. For real-time capture of switch port traffic, SolarWinds is definitely the first choice. For ARP problems, or when you want to analyze a protocol, you still need to rely on packet-capture software.

For some of the switches our company works with, here is how to set up port mirroring and, with the help of software, capture and analyze the traffic. I'll give a brief introduction. The following are some of the switch brands in the IDC room:

D-Link 3226s







D-Link 3226s and DES-3026

Log in to the switch's main configuration menu -> select Advanced Setup -> Mirroring Configurations. Set the Mirror Status option to Enabled, then set the Target Port option to Port24, which is the mirror port (the port we monitor on), and set the listening mode for Port1 to Both (that is, data sent and received are monitored simultaneously). The switch then copies all the data passing through port 1 (in effect the data of ports 2 to 23, because the traffic of ports 2-23 flows through port 1), and we monitor on port 24, so that Sniffer and other packet-capture software have somewhere to capture from.




A. Web login

Log in to the switch interface -> Port Management -> Port Mirroring

Set the mirror port to 24 and select Port 1 as the port to be mirrored; leave the other settings alone.

Suppose the computer room has a gigabit H3C S5024P, with ports 1-4 connected to four 100-megabit switches. Set ports 1-4 directly as the mirrored ports. This lets you see on the sniffer which server's traffic is running high. For example, take the switch on port 4: it may happen that the customer has not set an IP on it, or that this switch does not support network management, so you cannot capture packets on it. We set ports 1-4 as mirrored ports, monitor with the sniffer, and see which host's traffic runs high. Once you know its IP, you know its MAC address. With dis mac-address 0046-e68c-7c2f you can find out which port the MAC address is coming from; then, after entering that port, enter mac-address blackhole 0046-e68c-7c2f vlan 1. This restricts this MAC's communication on this port. To cancel it, enter undo mac-address blackhole 0046-e68c-7c2f vlan 1. If you know which cabinet has the problem, then for a clearer analysis just make that cabinet's port the mirrored port. OK.
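The "see which traffic runs high, then look up its MAC" step above can be done offline on frames captured from the mirror port. The following is an added example, not part of the original post: it sums bytes per source MAC and IP, then prints the three switch commands quoted above for the heaviest sender. It assumes untagged Ethernet/IPv4 frames already exported as raw bytes; the function names, the sample frames and the 10.0.0.x addresses are constructed for illustration.

```python
import struct
from collections import Counter

def h3c_mac(raw: bytes) -> str:
    """Format 6 raw bytes in the xxxx-xxxx-xxxx notation used in the commands above."""
    h = raw.hex()
    return "-".join(h[i:i + 4] for i in (0, 4, 8))

def top_talker(frames):
    """Sum frame bytes per (source MAC, source IPv4); return the heaviest sender."""
    totals = Counter()
    for frame in frames:
        if len(frame) < 34:            # Ethernet header (14) + minimal IPv4 header (20)
            continue
        if struct.unpack("!H", frame[12:14])[0] != 0x0800:
            continue                   # skip ARP, IPv6 and VLAN-tagged frames
        src_mac = h3c_mac(frame[6:12])
        src_ip = ".".join(str(b) for b in frame[26:30])  # IPv4 source address field
        totals[(src_mac, src_ip)] += len(frame)
    if not totals:
        return None
    (mac, ip), nbytes = totals.most_common(1)[0]
    return mac, ip, nbytes

def switch_commands(mac, vlan=1):
    """Lookup, block and unblock commands as quoted in the text above."""
    return [f"dis mac-address {mac}",
            f"mac-address blackhole {mac} vlan {vlan}",
            f"undo mac-address blackhole {mac} vlan {vlan}"]

def make_frame(src_mac, src_ip, payload_len):
    """Build a constructed Ethernet+IPv4 frame for the demo (not a real capture)."""
    eth = bytes.fromhex("02aabbccdd01") + bytes.fromhex(src_mac) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, 17, 0,
                     bytes(map(int, src_ip.split("."))), bytes([10, 0, 0, 1]))
    return eth + ip + bytes(payload_len)

# Constructed sample: one busy host and one quiet host behind the mirrored ports.
SAMPLE = ([make_frame("0046e68c7c2f", "10.0.0.44", 1400)] * 50 +
          [make_frame("0011223344aa", "10.0.0.12", 200)] * 20)

if __name__ == "__main__":
    mac, ip, nbytes = top_talker(SAMPLE)
    print(f"{ip} ({mac}) sent {nbytes} bytes")
    print("\n".join(switch_commands(mac)))
```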

