In my job, I interact with data centers located all over the globe. And often, if I need to do a packet capture there is an ASA or F5 in the path that I can use for that purpose. But sometimes, either the traffic isn’t going through a device that I control or I need to prove that the traffic is making it out to the correct destination port. Because network taps are expensive, and keeping a span session ready for it on hundreds of thousands of switches isn’t feasible, I usually resort to having remote hands with a crash cart plug into the switch and span to that laptop. Today, while working this over with a colleague, a new solution occurred to me.

SPAN, RSPAN, and ERSPAN#

If you’re not familiar with the differences between these three, I’ll go over them briefly. Essentially, in a Cisco switch, you have the ability to “span” or mirror all traffic from a given switch port over to a different switch port.