Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,930 --> 00:00:09,500 Now in this topology I'm not using genus 3 genus 3 and Sysco viral do not currently support spam. 2 00:00:09,600 --> 00:00:17,940 So what I'm using are physical Cisco routers which are connected to 20 950 physical Cisco switches which 3 00:00:17,940 --> 00:00:26,980 in turn are connected to 30 750 Cisco switches I've got a PCI connected to the 30 750 switch and it's 4 00:00:27,000 --> 00:00:32,250 running wire shock and we'll use it to capture traffic from the network. 5 00:00:32,270 --> 00:00:37,610 Now I'm going to demonstrate in a moment that when traffic is sent from Rod a 1 2 rod or 2. 6 00:00:37,640 --> 00:00:44,750 In other words unique cost traffic such as pings or telnet or sent from router 1 to Rod add to the traffic 7 00:00:44,750 --> 00:00:52,430 will be sent to the first 29 50 which in turn will be sent to the first 30 750 which in turn will be 8 00:00:52,430 --> 00:00:57,640 sent to the thirty seven fifty two switch and that will continue until the traffic arrives at about 9 00:00:57,640 --> 00:01:07,250 a 2 thus capturing P.S. will not have visibility of unit cost traffic because when the MAC address table 10 00:01:07,250 --> 00:01:14,110 of switch one is populated it's simply going to switch the traffic from this interface to for example 11 00:01:14,120 --> 00:01:21,510 this interface to forward the traffic it to traffic is only going to be sent out of this interface if 12 00:01:21,510 --> 00:01:28,850 it's sent it to unknown unit cost addresses multicast addresses or broadcast addresses or specifically 13 00:01:28,860 --> 00:01:35,860 sent to this capturing device so the capturing device will have no visibility of traffic sent from road 14 00:01:35,860 --> 00:01:43,770 a one two road a two unless we enable span or port of monitoring on the thirty seven fifty switch. 15 00:01:43,770 --> 00:01:49,680 So firstly demonstrate that traffic sent from Rado want to write it to is not received by the capturing 16 00:01:49,690 --> 00:01:56,370 P.C. and then will configure span on the switch so that the P.C. is able to capture the traffic using 17 00:01:56,370 --> 00:01:58,090 Y shock. 18 00:01:58,110 --> 00:02:06,660 Now in this topology I'm not using genus 3 genus 3 and Cisco viral do not currently support spam. 19 00:02:06,780 --> 00:02:15,150 So what I'm using are physical Cisco routers which are connected to 29 50 physical Cisco switches which 20 00:02:15,150 --> 00:02:19,740 in turn are connected to 30 750 Cisco switches. 21 00:02:19,810 --> 00:02:27,340 I've got a PCI connected to the 30 750 switch and it's running wires shock and we'll use it to capture 22 00:02:27,340 --> 00:02:29,460 traffic from the network. 23 00:02:29,470 --> 00:02:34,800 Now I'm going to demonstrate in a moment that when traffic is sent from Rod a 1 2 rod a 2. 24 00:02:34,840 --> 00:02:36,160 In other words unique cost. 25 00:02:36,160 --> 00:02:42,760 Traffic such as pings or telnet or sent from router 1 to Rod add to the traffic will be sent to the 26 00:02:42,760 --> 00:02:50,500 first 20 50 which in turn will be sent to the first 30 750 which in turn will be sent to the thirty 27 00:02:50,500 --> 00:02:55,740 seven fifty two switch and that will continue until the traffic arrives at right at 2. 28 00:02:55,990 --> 00:03:04,450 Thus capturing P.S. will not have visibility of unit cost traffic because when the MAC address table 29 00:03:04,450 --> 00:03:11,310 of switch one is populated it's simply going to switch the traffic from this interface to for example 30 00:03:11,320 --> 00:03:17,380 this interface to forward the traffic to it to traffic is only going to be sent out of this interface 31 00:03:18,560 --> 00:03:26,050 if it's sent to unknown unique cost addresses multicast addresses or broadcast addresses or specifically 32 00:03:26,060 --> 00:03:28,880 sent to this capturing device. 33 00:03:28,880 --> 00:03:35,990 So the capturing device will have no visibility of traffic sent from road a 1 2 Road a 2 unless we enable 34 00:03:35,990 --> 00:03:40,860 span or port of monitoring on the thirty seven fifty switch. 35 00:03:40,980 --> 00:03:46,880 So firstly demonstrate that traffic sent from Rado want to write it to is not received by the capturing 36 00:03:46,890 --> 00:03:53,570 P.C. and then will configure span on the switch so that the P.C. is able to capture the traffic using 37 00:03:53,570 --> 00:04:07,390 Y shock as the console of the 37 50 switch show MAC address table some MAC addresses are listed in the 38 00:04:07,390 --> 00:04:07,840 table 39 00:04:11,240 --> 00:04:23,650 what I'll do now is ping from wrote a one to Robert to show IP interface brief Rada one has this IP 40 00:04:23,650 --> 00:04:34,050 address and write it to has this IP address which we can see on the console of right a T so that is 41 00:04:34,050 --> 00:04:35,460 the IP address of Robert A T 42 00:04:38,700 --> 00:04:47,650 A 1 is once again able to ping Robert it 2 so when we look at the MAC address table off switch one previously 43 00:04:47,650 --> 00:04:55,810 we only had those three MAC addresses in the table but now notice we have this MAC address as well as 44 00:04:55,900 --> 00:05:06,010 this MAC address in the table I have configured the MAC address of a one as follows some using a Cisco 45 00:05:06,130 --> 00:05:13,120 vendor code MAC address and to make it simple I've specified the MAC address of root of 1 as follows 46 00:05:14,450 --> 00:05:23,840 On rather it too often something similar so MAC address is the Cisco vendor code zeros and a two so 47 00:05:23,870 --> 00:05:30,950 at this point the first thirty seven fifty switch has learnt about the MAC addresses of right one and 48 00:05:30,950 --> 00:05:39,240 wrote a two to keep things simple I haven't configured any villains all devices on VLAN 1 Let's capture 49 00:05:39,240 --> 00:05:44,720 traffic in why shock on our P.C.. 50 00:05:45,060 --> 00:05:47,460 So it's currently receiving some traffic 51 00:05:51,270 --> 00:06:01,580 let's do a ping from route one to write it to once again and I'll filter for ICMP traffic in the output. 52 00:06:01,580 --> 00:06:11,110 Here you can see that the PCI is not receiving any ICMP traffic from router 1 2 out of 2 and in the 53 00:06:11,110 --> 00:06:18,600 same way if reported to pings write a one no ICMP traffic is shown on the capturing. 54 00:06:18,600 --> 00:06:28,470 P.S. but if four out of one pings this window's P.C. which has an IP address of 10 dot wondered one 55 00:06:28,470 --> 00:06:29,500 to triple to 56 00:06:33,190 --> 00:06:36,490 notice we see the ICMP packets. 57 00:06:36,490 --> 00:06:47,280 So why shock is able to capture traffic from 10 1 1 1 going to 10 1 1 2 2 2 so the piece is not able 58 00:06:48,360 --> 00:06:54,830 to capture unique cost traffic st from road 1 to round 2. 59 00:06:54,950 --> 00:07:04,420 What about multicast traffic in this example you can see that the ICMP traffic was received to the multicast 60 00:07:04,420 --> 00:07:11,880 address so wrought a one with IP address tendered wandered wandered one be sending traffic to the multicast 61 00:07:11,900 --> 00:07:14,510 address 239 wandered wandered 1 62 00:07:17,560 --> 00:07:23,770 you can see as an example that the source MAC addresses Route One destination MAC address is 0 1 0 0 63 00:07:23,770 --> 00:07:32,770 5 v which is the multicast MAC address in IP version for as you can see over there what about a broadcast 64 00:07:33,340 --> 00:07:43,610 so ping tendered one that one the 255 and I'll just repeat this once as you can see here broadcast traffic 65 00:07:44,060 --> 00:07:53,060 is being received by the P.C. so in other words unique cos traffic is sent from router 1 to the capturing 66 00:07:53,060 --> 00:07:59,430 device is forwarded out of this port and that's based on the Mac address 67 00:08:02,370 --> 00:08:08,910 shown here as learnt by the 30 750 switch on this P.C. 68 00:08:13,710 --> 00:08:15,160 on have changed. 69 00:08:18,180 --> 00:08:19,890 The MAC address in Windows 70 00:08:23,040 --> 00:08:26,090 2s a bunch of zeros and a one. 71 00:08:26,100 --> 00:08:28,050 So the MAC address is 72 00:08:31,130 --> 00:08:34,160 eleven zeros followed by one. 73 00:08:34,180 --> 00:08:43,760 And that was learnt by the switch on Fost Ethan at 1 0 5 as shown over here so unique cost traffic gets 74 00:08:43,760 --> 00:08:52,030 forwarded to the P.C. multicast traffic gets forwarded to the P.C. and that's because multicast MAC 75 00:08:52,030 --> 00:08:57,970 addresses are not added to the MAC address table in the same way that a unit cost of MAC addresses are 76 00:08:58,600 --> 00:09:02,560 broadcast traffic is also forwarded to the P.C.. 77 00:09:02,560 --> 00:09:03,460 So to summarize 78 00:09:07,690 --> 00:09:12,600 I'll restart to the white shock capture unicorns. 79 00:09:12,600 --> 00:09:19,400 Traffic sent from Rhonda want to write it too is not received by the capturing device multicast traffic 80 00:09:19,790 --> 00:09:29,260 is received broadcast traffic is received if we want to capture traffic from right one to write it to 81 00:09:30,070 --> 00:09:37,300 for troubleshooting as an example we would need to enable span on this port or merging to use the other 82 00:09:37,300 --> 00:09:43,360 term so that traffic sent and received on this port or this port or on V land 1. 83 00:09:43,360 --> 00:09:50,140 In this example is forwarded out of this port so that the capturing device can see the traffic as another 84 00:09:50,140 --> 00:09:50,800 example. 85 00:09:50,830 --> 00:09:59,530 If we telnet from right of one to write it two and log in the capturing device does not see the Telnet 86 00:09:59,530 --> 00:10:05,930 traffic so we can't see the session from Radha one to write it too. 87 00:10:06,070 --> 00:10:09,080 And that's because the switch is doing what it's supposed to do. 88 00:10:09,310 --> 00:10:15,740 It's forwarding traffic from this interface to this interface and not sending it out of unnecessary 89 00:10:15,740 --> 00:10:16,860 ports. 90 00:10:16,870 --> 00:10:21,760 So now let's configure span so that the capturing device can see the unit cost to traffic. 10631