The official term of Cisco for Packet sniffing is SPAN ( Switched Port Analyzer ) also called sometimes port mirroring or port monitoring and it’s purpose is to select traffic from a source and send to a destination with a network analyzer tool. You can find out there terms like RSPAN, PSPAN, VSPAN, ESPAN, but this are at their basic functionality nothing more than SPAN with some enhanced features ( e.g. ESPAN – Enhanced SPAN ) or describing their primary functionality ( e.g. VSPAN – Vlan SPAN – used to monitor vlans ).
Now, depending on you Cisco platform some of this xSPAN can be supported or not. A list with them you can find here.
On the high-class products, like 6500, you can find another device called NAM ( Network Analysis Module ) which enhance SPAN by providing a web interface and a local embedded traffic analyzer. Maybe someday, if I have a spare device I will make a short tutorial about NAM module.
For the basic SPAN configuration purpose I will use a c3750 as this method is supported on many more devices ( e.g. 3550, 3560, 2950, 2900XL). One notice before we begin. On the port where you redirect your SPAN traffic and where you connect your device with traffic analyzer, you don’t need a Layer 3 address. So, just let that port with plain Layer 2 configuration.
Please see the tutorial below:
