Traffic Mirroring - Salem73616C656D/reading-notes GitHub Wiki

Key Takeaways

Port Mirroring(SPAN): a method of monitoring network traffic which forwards a copy of each incoming and/or outgoing packet from one (or several) port(s) (or VLAN) of a switch to another port where the analysis device is connected. Port mirroring can be managed locally or remotely.

Drawbacks: It can consume significant CPU resources while active There is a risk of not receiving some packets (such as media errors) In the case of traffic congestion at the switch level, port mirroring is likely to drop some traffic (because the SPAN process does not have priority) In some cases, a better solution for long-term monitoring may be a passive TAP or an Ethernet repeater

Vocabulary

No new vocabulary

Conclusion

Port Mirroring or SPAN is a way to allow traffic monitoring on a network. It allows an interface on a switch to collect all the traffic going through, and send it to a collection server, or monitoring machine.