Using SPAN to Monitor a Switchport

Posted on in Networking

You'll find that some network problems can only be solved by sticking a packet sniffer on the network and seeing what the packets are doing. In a switched environment, this will not work properly, since the switch forwards a unicast frame only out of the port where it has learned the destination MAC address. This means your packet sniffer will only receive broadcast packets and packets destined for the host it is running on. You can use Cisco SPAN (Switched Port Analyzer) to copy all of one port's packets onto another port.

In this very basic configuration, we'll put all inbound and outbound packets for port Fa0/12 onto Fa0/11. This configuration example is from a Cisco Catalyst 2960.

monitor session 9 source interface Fa0/12
monitor session 9 destination interface Fa0/11

That's all there is to it. To disable the SPAN session, simply issue the no monitor session 9 command at the configuration prompt.

There are many more complex SPAN configurations (including the ability to monitor a port on a remote Cisco Catalyst), but this basic configuration should cover most incidents.
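
As an added example (not part of the original post), this Python script lists the SPAN sessions found in a saved switch configuration, so you can confirm which ports are being mirrored and which sessions still need a no monitor session command once troubleshooting is finished. The sample configuration, its hostname and session 3 are constructed, and the parser handles only the basic single-interface form shown above.

```python
import re
from collections import defaultdict

# Constructed sample: the post's two lines plus a hypothetical half-configured session.
SAMPLE_CONFIG = """\
hostname lab-2960
!
monitor session 9 source interface Fa0/12
monitor session 9 destination interface Fa0/11
monitor session 3 source interface Fa0/5 rx
!
end
"""

# Matches only the basic single-interface form used in the post.
SPAN_LINE = re.compile(
    r"^monitor session (\d+) (source|destination) interface (\S+)(?: (rx|tx|both))?$"
)

def parse_span_sessions(config_text):
    """Return {session_id: {"sources": [(port, direction)], "destinations": [port]}}."""
    sessions = defaultdict(lambda: {"sources": [], "destinations": []})
    for raw in config_text.splitlines():
        match = SPAN_LINE.match(raw.strip())
        if not match:
            continue
        sid, role, port, direction = match.groups()
        if role == "source":
            # With no rx/tx keyword the switch mirrors both directions.
            sessions[int(sid)]["sources"].append((port, direction or "both"))
        else:
            sessions[int(sid)]["destinations"].append(port)
    return dict(sessions)

def audit(sessions):
    """Describe each session and the command that removes it."""
    findings = []
    for sid, s in sorted(sessions.items()):
        sources = ", ".join(f"{p} ({d})" for p, d in s["sources"]) or "no source"
        dests = ", ".join(s["destinations"]) or "no destination"
        state = "complete" if s["sources"] and s["destinations"] else "incomplete"
        findings.append(
            f"session {sid} [{state}]: {sources} -> {dests}; "
            f"remove with 'no monitor session {sid}'"
        )
    return findings

if __name__ == "__main__":
    for line in audit(parse_span_sessions(SAMPLE_CONFIG)):
        print(line)
```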
