Tuesday, March 31, 2015

Difference - Ethanalyzer and SPAN

The Switched Port Analyzer (SPAN) feature—sometimes called port mirroring or port monitoring—selects network traffic for analysis by a network analyzer. The network analyzer can be a Cisco SwitchProbe, a Fibre Channel Analyzer, or other Remote Monitoring (RMON) probes.


Ethanalyzer is a Cisco NX-OS protocol analyzer tool based on the Wireshark open source code. This tool is a command-line version of Wireshark that captures and decodes packets. You can use Ethanalyzer to troubleshoot your network and analyze the control-plane traffic.

Ethanalyzer and SPAN

Ethanalyzer is a tool that collects frames that are destined to, or originate from, the Nexus 5000 control plane. Node-to-switch or switch-to-switch traffic can be seen with this tool.
SPAN is a feature whereby frames that transit the switch are copied to a second port for analysis. Node-to-switch or node-to-node traffic can be seen via this method.

The main difference between Ethanalyzer and SPAN is that Ethanalyzer captures control-plane traffic, while SPAN captures all traffic. For remote SPAN (across Layer 3), we use ERSPAN.

NetFlow is another monitoring protocol, used to collect granular details between two vNICs, hosts, or ports, or a VLAN.

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/troubleshooting/guide/N5K_Troubleshooting_Guide/n5K_ts_oview.html 

More on this later....

Ok, got a chance to go over this topic with some more information on ERSPAN

http://packetpushers.net/erspan-new-favorite-packet-capturing-trick/

Use the capture filter ip proto 0x2f (in Wireshark): it matches any traffic with a GRE header (ERSPAN traffic).
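
The filter above matches every GRE packet (IP protocol 47), not only ERSPAN, so a capture may also contain ordinary GRE tunnels. The following is an added example, not taken from the linked articles: it separates ERSPAN from other GRE by the GRE protocol type (0x88BE for Type I/II, 0x22EB for Type III) and reads the VLAN and session ID from the ERSPAN header. The function names and the sample packet are constructed for illustration.

```python
import struct

GRE_IP_PROTO = 0x2F  # IP protocol 47: what "ip proto 0x2f" matches
ERSPAN_GRE_TYPES = {0x88BE: "ERSPAN Type II", 0x22EB: "ERSPAN Type III"}

def classify_gre(ip_packet: bytes):
    """Return None for non-GRE IPv4 packets, else a dict describing the GRE payload."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return None
    ihl = (ip_packet[0] & 0x0F) * 4
    if ihl < 20 or ip_packet[9] != GRE_IP_PROTO or len(ip_packet) < ihl + 4:
        return None
    flags, gre_type = struct.unpack_from("!HH", ip_packet, ihl)
    offset = ihl + 4
    # Optional GRE fields, 4 bytes each: checksum (C), key (K), sequence (S).
    for bit in (0x8000, 0x2000, 0x1000):
        if flags & bit:
            offset += 4
    info = {"kind": ERSPAN_GRE_TYPES.get(gre_type, "other GRE"),
            "vlan": None, "session_id": None}
    if gre_type == 0x88BE and not flags & 0x1000:
        # No sequence number means Type I: the mirrored frame follows GRE directly.
        info["kind"] = "ERSPAN Type I"
    elif gre_type in ERSPAN_GRE_TYPES and len(ip_packet) >= offset + 4:
        # First ERSPAN word: version(4) VLAN(12) COS(3) En/BSO(2) T(1) session(10).
        (word,) = struct.unpack_from("!I", ip_packet, offset)
        info["vlan"] = (word >> 16) & 0x0FFF
        info["session_id"] = word & 0x03FF
    return info

def build_sample(ip_proto=GRE_IP_PROTO, gre_type=0x88BE, vlan=100, session=5):
    """Constructed packet (length and checksum fields left zero), illustration only."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 0, 0, 64, ip_proto, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    gre = struct.pack("!HHI", 0x1000, gre_type, 1)   # S bit set, sequence = 1
    erspan = struct.pack("!II", (1 << 28) | (vlan << 16) | session, 0)
    return ip + gre + erspan + b"\x00" * 14          # dummy inner frame bytes

if __name__ == "__main__":
    for pkt in (build_sample(), build_sample(gre_type=0x0800), build_sample(ip_proto=6)):
        print(classify_gre(pkt))
```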