i am learning the basics.......!

Saturday, April 12, 2008

Switched LAN sniffing!!!!!!!

I wanted to sniff packets from all ports in a switch, and the first thing I tried to do was to attach a PC to one port and run network analyser software like Ethereal on it. Then suddenly I realized my blunder. Unlike a shared LAN, a port in a switch receives only the traffic destined for that port....!

So I was curious about how sniffing is done on switches and found these technologies:

1. Port Mirroring
2. Switch Mirroring

In Port Mirroring, you map one monitored port to another mirrored port. The traffic on the monitored port is then reflected on the mirrored port, where a network analyser can use it for analysis.

In Switch Mirroring, the traffic from all ports (or the configured ones) can be reflected on the mirrored port. The mirrored port should have greater bandwidth to handle this, but this mode is useful because all traffic can be seen on the mirrored port.
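The difference between the two modes can be seen in a small simulation. This is an added example, not code from the original post: the `Switch` class, the host names, the port numbers and the sample traffic are all constructed for illustration, and the switch is assumed to have already learned which host sits on which port.

```python
from collections import defaultdict

class Switch:
    """Toy switch with optional mirroring (all names here are illustrative)."""

    def __init__(self, mac_table):
        self.mac_table = dict(mac_table)    # MAC -> port (assumed already learned)
        self.ports = set(self.mac_table.values())
        self.mirror_sources = set()         # monitored ports
        self.mirror_dest = None             # mirrored port, where the analyser sits
        self.delivered = defaultdict(list)  # port -> payloads sent out of it

    def mirror(self, sources, dest):
        """One source = port mirroring; several or all = switch mirroring."""
        self.mirror_sources = set(sources) - {dest}
        self.mirror_dest = dest

    def receive(self, in_port, src, dst, payload):
        if dst in self.mac_table:
            out_ports = {self.mac_table[dst]} - {in_port}
        else:                                # unknown destination: flood
            out_ports = self.ports - {in_port}
        out_ports.discard(self.mirror_dest)  # mirrored port carries copies only
        for port in out_ports:
            self.delivered[port].append(payload)
        # Copy the frame if it entered or left through a monitored port.
        touched = ({in_port} | out_ports) & self.mirror_sources
        if self.mirror_dest is not None and touched:
            self.delivered[self.mirror_dest].append(payload)

# Constructed sample traffic: (ingress port, src MAC, dst MAC, payload)
TRAFFIC = [(1, "A", "B", "hello"), (2, "B", "A", "hi"), (3, "C", "A", "ping"),
           (1, "A", "C", "pong"), (2, "B", "C", "data")]

def analyser_view(sources, analyser_port=4):
    """Return the payloads an analyser on analyser_port would capture."""
    sw = Switch({"A": 1, "B": 2, "C": 3, "ANALYSER": analyser_port})
    if sources:
        sw.mirror(sources, dest=analyser_port)
    for frame in TRAFFIC:
        sw.receive(*frame)
    return sw.delivered[analyser_port]

if __name__ == "__main__":
    print("no mirroring:    ", analyser_view([]))
    print("port mirroring:  ", analyser_view([1]))
    print("switch mirroring:", analyser_view([1, 2, 3]))
```

With no mirroring the analyser captures nothing, with port 1 monitored it misses the B-to-C frame, and with all ports monitored it receives every frame, which is why the mirrored port needs the extra bandwidth.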

Another solution would be for the switch to support RMON MIBs. These MIBs give the necessary information about the data transfer statistics in the switch.
