Understanding Port Mirroring

Administrators need to have some way of monitoring network traffic as well as the performance of a switch. One of the ways in which you can do this is through Port Mirroring. Port Mirroring works by forwarding a copy of all inbound and outbound packets from one port of a switch to another port (designated by an administrator).

To use Port Mirroring an administrator must specify from which port to copy inbound and outbound packets and to which port the packets will be sent to. A copy of every inbound and outbound packet destined for the first port will be sent to the second port as well. When configuring port mirroring you specify at least one source port, this being the port number from which traffic is copied and one destination port, this being the port to which traffic is copied.

A protocol analyzer is used on the port that receives a copy of the data. Traffic can be captured and analyzed this way without affecting normal operation of the switch.

Some switches are only capable of supporting one-to-one port mirroring. With one-to-one port mirroring, a copy of each incoming and outgoing packet for a single port only is to another port on the switch. This means there can only be a single source port. In a many-to-one relationship, multiple source ports can be configured to forward a copy of all inbound and outbound traffic to one destination port. Dell PowerConnect 3324, 3348, 5212, 5224, 6024 and 6024F switches provide support for many-to-one port mirroring.

[tags]windows,monitor,microsoft,diana huggins,network traffic,port mirroring[/tags]

Article Written by

  • John

    Please remember that most switches, when port forwarding, will not forward malformed packets to the forwarding port. This can greatly limit what you see on the network.

    For more complete packet capture, you should spend the money and invest in a proper network tap.

  • Rony Krayem

    This Explanation is very essential, summarized and very clear.