ok, so I got my hands on a Cisco 2940 managed switch, and after hours of reading, I'm no closer to working out how I can use the management system, to set up a monitoring port for showeq.

I was wondering if anyone had expreience with doing this, and could give me a tip or 2.

(ok i found info about the SPAN functionality, that must be what i'm after. google is good )

http://www.showeq.net/forums/showthread.php?t=5395

No where in that thread does it tell the guy how to set up his Cisco switch to do port mirroring...

I was thinking there was a command to allow all traffic to be broadcast to all ports?

To the best of my knowledge you can mirror a port, but you can't change the switch into a hub in configuration. I'm no Cisco expert though.Perhaps there's a way.

Port Mirroring and/or Port Forwarding should the setting you are looking for.

There is a very good possability that the port you 'mirror to'/'forward to' will no longer be able to be used for standard communications. So escentually it becomes an exit only from the switch. Keep that in mind when you go to hook your linux system up to it. Note: that is dependant on the switch and I'm not 100% familiar with yours

Doesn't it come with a HTTP configuration tool, or are you stuck in the Cisco IOS command line stuff?

~ TK

Thanks guys.
In reply to Tor K'Tal, yes, there is a very comprehensive web based interface tool for the switch.

http://www.cisco.com/warp/public/473/41.html

SPAN is the functionality I think I need to use here ( see above link ).

Although I think your are correct in saying that its an exit only function and won't allow me to browse the web on my linux box while im using the feature.

I haven't finished exploring all the functions of this unit yet, so I will update you on what i find out.

Not being an expert in this area, its going to be trial and error.

You could always add a 2nd nic to the Linux machine, plug it into the "Mirrored" port and have pcap watch that one. Then plug the other card into a normal port.

I know its a crappy idea, but I also know how bad it hurts to not use SEQ after using it for almost 6 years.

The command your looking for on Cisco is

interface FastEthernet0/18
port monitor FastEthernet0/19
port monitor FastEthernet0/21

In this example ports 19 and 21 are being mirrored to port 18 (you will probably only need to mirror one port to another though).

And yes, you can still browse from the port that traffic is being mirrored too (in this case port 18).

Monster