Routers

Unless port mirroring or other methods such as RMON or SMON are implemented in a switch, it is difficult to monitor traffic that is bridged using a switch because all ports are isolated until one transmits data, and even then only the sending and receiving ports can see the traffic. These monitoring features rarely are present on consumer-grade switches.

Two popular methods that are specifically designed to allow a network analyst to monitor traffic are:

* Port mirroring — the switch sends a copy of network packets to a monitoring network connection.
* SMON — “Switch Monitoring” is described by RFC 2613 and is a protocol for controlling facilities such as port mirroring.

Another method to monitor may be to connect a Layer-1 hub between the monitored device and its switch port. This will induce minor delay, but will provide multiple interfaces that can be used to monitor the individual switch port.

This entry was posted on Monday, March 31st, 2008 at 9:03 pm and is filed under Network Switch. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.