Port Snooping

[reicherb]

I'm interested in watching the traffic in and out of my school district. One the outside edge, I've got a Cisco 2948G-L3. I assume I need to forward all traffic on the port going to the upstream router to another port which I have my snoppong sytem attached. The problem I have is that I don't find any port snooping commands for the 2948. Is there another way to forward the traffic?

Thanks.

 

[spidey07]

called "port mirroring" or "port spanning"

on CAT OS switches the command is..

FC2-6509> (enable) set span ?
Usage: set span disable [dest_mod/dest_port|all]
set span <src_mod/src_ports...|src_vlans...|sc0>
<dest_mod/dest_port> [rx|tx|both]
[inpkts <enable|disable>]
[learning <enable|disable>]
[multicast <enable|disable>]
[filter <vlans...>]
[create]
(example of src_mod/src_ports: 2/1-4 or 2/1-2 or 2/5,2/6
example of src_vlans: 2-10,105
FC2-6509> (enable)

 

[n0cmonkey]

Make sure you have permission to do this. It sounds like you are the admin, but still. Every infosec conference I attend someone mentions Privacy Rights at Universities being fairly strict.

 

[reicherb]

I am the admin and assume it's acceptible. I'm basically just looking for things lik peer to peer file sharing, and am curious what types of traffic are most utilized on our network. I'll let the big guys know what I'm doing.

Thanks guys.