A network can be monitored using a technique called port mirroring. When port mirroring is enabled, each data packet that comes into or out of a specific switch port is copied and sent to a destination port. Once the copied packet reaches the destination port, it can be examined by a security application or monitored by software. Following implementation, mirroring can alert administrators to network problems and contribute to troubleshooting. Port mirroring switch configurations are set up by administrators or through a security application. To do this, they assign one port to copy the data, and a second one to receive and evaluate the mirrored data.
Using a Protocol Analyzer or Packet Sniffer
During the port mirroring process, a protocol analyzer is key. The analyzer is located on the port that receives the mirrored packets. This analyzer may also be referred to as a network analyzer or a packet sniffer, because it routinely inspects and evaluates the data. An analyzer can be a physical device or software that evaluates the packets. Port mirroring is a standard IT industry term. Manufacturers have other names for the technology, which they use in describing their networking product features. Vendor terms include switched port analyzer (SPAN) and roving analysis port (RAP).
Network Monitoring Techniques
The technique of port mirroring can support network monitoring, facilitate component diagnostics, and potentially thwart network attacks. Port mirroring methods are used in LANs, VLANs and WLANs. After at least two ports are interconnected, data traffic may be transmitted to the analyzer or to a monitor. Since data is forwarded to another port for analysis, the client on the first port is not impacted by the monitoring process.