Configuring span on cisco catalyst switches - monitor & capture network traffic/packets

04-14-2015, 09:33 AM
Being able to monitor your network traffic is essential when it comes to troubleshooting problems, performing a security audit or even casually checking your network for suspicious traffic.

Back in the old days whenever there was a need to monitor or capture network traffic, a hub would be introduced somewhere in the network link and, thanks to the hub’s inefficient design, it would copy all packets incoming from one port out to all the rest of the ports, making it very easy to monitor network traffic. Those interested in hub fundamentals can read our Hubs & Repeaters article.

Of course switches work on an entirely different principle and do not replicate unicast packets out of every port on the switch, but keep them isolated unless it’s a broadcast or multicast.

Thankfully, monitoring network traffic on Cisco Catalyst switches is a straightforward process and does not require the presence of a hub. The Cisco method is called Switched Port Analyser also known as SPAN.

