Monday, August 1, 2016


SPAN and RSPAN





Let’s imagine a topology in which a client and a server are exchanging traffic back and forth.
                       

Suppose we are troubleshooting a problem between the client and the server, and we want to capture and analyze the packets going back and forth. What if we connect a sniffer to the switch?

We turn on packet-sniffing software such as Wireshark and try to capture the packets going back and forth between the client and the server. Unfortunately, this is not going to work, because the switch is doing its job of forwarding frames only where they need to go, and according to the MAC address table inside the switch, those frames do not need to go down to our sniffer.

Fortunately, Cisco gives us a feature called SPAN (Switched Port Analyzer).

With SPAN enabled, we can tell the switch that we want to make a copy of the traffic going out of or coming into a switch port, and then send that copy out of another port, the SPAN destination port. That is what we are doing here: the server is sending traffic, and we are monitoring the port to which the client is connected. We are saying that we want a copy of the traffic going out of or coming into the port to which the client is connected, and we want to send that copy down to our sniffer.

In addition, there is another option: we can monitor a VLAN. We can see the traffic appearing on all ports of the VLAN and send all of that traffic out to our sniffer. That is the basic theory of how SPAN works.

Setting up Local SPAN
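
A minimal local SPAN configuration for the topology described above, added here as an example (it is not the original post's configuration). The session number, VLAN 10 and the interface numbers are assumptions: the client is taken to be on GigabitEthernet0/1 and the sniffer on GigabitEthernet0/3.

```cisco
! Added example. Assumed ports: client on Gi0/1, sniffer on Gi0/3.
configure terminal
 ! Copy traffic in both directions (rx and tx) on the client's port
 monitor session 1 source interface GigabitEthernet0/1 both
 ! Send the copy out of the port where the sniffer is attached
 monitor session 1 destination interface GigabitEthernet0/3
end
!
! Confirm the session's source, direction and destination
show monitor session 1
!
! Alternative: monitor a whole VLAN instead of a single port.
! Clear the port-based session first, then use the VLAN as the source.
configure terminal
 no monitor session 1
 ! VLAN 10 is an assumed VLAN number; rx = traffic received on its ports
 monitor session 1 source vlan 10 rx
 monitor session 1 destination interface GigabitEthernet0/3
end
```

By default the destination port carries only the mirrored copy and does not forward normal traffic for the attached device, so the sniffer needs a separate connection for management. Remove the session with `no monitor session 1` when the capture is finished, since the copy exposes all of the client's traffic to whoever is connected to that port.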




We have a client and a server attached to switch SW1, and they are sending information back and forth between themselves. However, our sniffer (the laptop running network analyzer software) is on switch SW2. How do we get a copy of that traffic over to SW2?
                                               
Cisco's solution is called RSPAN (Remote Switched Port Analyzer). If we have a trunk between these two switches, one of the VLANs that we carry across that trunk is a VLAN that carries this SPAN information.

Here we set up a SPAN session on each switch. On SW1, the SPAN source is the port to which the client is attached, and the SPAN destination is a VLAN, specifically one we designate as a remote VLAN. A copy of the traffic appearing on the client's port is sent to this VLAN, and that VLAN's traffic goes across the trunk and appears on SW2. On SW2 we set up another SPAN session, where the source is this remote VLAN and the destination is the port attached to the sniffer. Once that is done, traffic appearing on the client's port is copied to the remote VLAN, flows over the trunk, and arrives on SW2, where the second SPAN session sends a copy of the traffic on the remote VLAN out of the port attached to the sniffer.

Setup:-
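
One possible RSPAN setup for the two-switch topology described above, added here as an example and not taken from the original post. VLAN 999, the session number and all interface numbers (client on SW1 Gi0/1, the existing trunk on Gi0/24 of both switches, sniffer on SW2 Gi0/2) are assumptions.

```cisco
! ===== SW1: source switch (client attached) =====
configure terminal
 ! Create the VLAN and mark it as the remote (RSPAN) VLAN
 vlan 999
  name RSPAN
  remote-span
 exit
 ! Source: the client's port; destination: the remote VLAN
 monitor session 1 source interface GigabitEthernet0/1 both
 monitor session 1 destination remote vlan 999
 ! The trunk to SW2 must carry the remote VLAN
 ! (only matters if the allowed list has been restricted)
 interface GigabitEthernet0/24
  switchport trunk allowed vlan add 999
end
!
! ===== SW2: destination switch (sniffer attached) =====
configure terminal
 ! The same VLAN must exist as a remote-span VLAN here too
 vlan 999
  name RSPAN
  remote-span
 exit
 ! Source: the remote VLAN; destination: the sniffer's port
 monitor session 1 source remote vlan 999
 monitor session 1 destination interface GigabitEthernet0/2
 interface GigabitEthernet0/24
  switchport trunk allowed vlan add 999
end
!
! ===== Verify on each switch =====
show vlan remote-span
show monitor session 1
```

Keep the RSPAN VLAN dedicated to mirrored traffic and do not assign access ports to it.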




6 comments:

  1. Can I get (vtp, stp, vlan, acl, etherchannel, rip, eigrp, ospf, osi/tcp model) PDF file? Please send to my personal email (mr.maksudur@gmail.com)

  2. Nice Job here, Bravo!

    Kindly help with PDF for the following in my email. emmygemsy@gmail.com (vtp, stp, vlan, acl, etherchannel, rip, eigrp, ospf, osi/tcp model) PDF file. Please send to my personal email (emmygemsy@gmail.com). Thanks

  4. Please give me some PDF switching and routing files at my mail address

    jahirulhd@gmail.com

  5. SPAN (Switched Port Analyzer) and RSPAN (Remote SPAN) are network monitoring features that allow you to copy traffic from one or more source ports to a destination port for analysis. While they serve a similar purpose, there's a key difference in their scope and implementation.

    Networking Projects For Final Year

    SPAN (Switched Port Analyzer)
    Local Scope: The source and destination ports are on the same switch.
    Configuration: You specify source and destination ports on the same device.
    Use Cases: Monitoring specific traffic on a switch, troubleshooting network issues, or capturing traffic for analysis.
    RSPAN (Remote SPAN)
    Extended Scope: The source and destination ports can be on different switches.
    Configuration: Requires configuration on multiple switches to establish a SPAN session that spans across the network.
    Use Cases: Monitoring traffic across multiple switches, troubleshooting network issues that span multiple devices, or capturing traffic for centralized analysis.
