Port mirroring

From Wikipedia, the free encyclopedia

Port mirroring is used on a network switch to send a copy of all network packets seen on one switch port (or an entire VLAN) to a network monitoring connection on another switch port. This is commonly used for network appliances that require monitoring of network traffic, such as an intrusion-detection system. Port mirroring on a Cisco Systems switch is generally referred to as Switched Port Analyzer (SPAN); some other vendors have other names for it, such as Roving Analysis Port (RAP) on 3Com switches.

An example of a SPAN configuration on a Cisco 2950 Switch is below.

  Monitor session 1 source interface fastethernet 0/1, 0/2, 0/3
  Monitor session 1 destination interface fastethernet 0/4 encap ingress vlan 1

The above example mirrors data from ports 0/1, 0/2 and 0/3 to the destination port 0/4 using vlan1 for vlan tagging.

To show the status of a SPAN monitor session use the following command.

  show monitor session 1

Where 1 is the session number from the above statement.

[edit] External links

Cisco Systems - Catalyst Switched Port Analyzer (SPAN) Configuration Example

Categories: Computer network analysis

Views

Interaction

Search

This page was last modified 21:27, 14 May 2008 by Wikipedia user Deanpemberton. Based on work by Wikipedia user(s) Ady, Zemadmat, Alaibot, Guy Harris, VoABot II, Gzcsy3, Ryan Roos, DéRahier, Cwolfsheep, TheParanoidOne, JonHarder, Krille, RobyWayne, Huwr and Maximus Rex and Anonymous user(s) of Wikipedia.
All text is available under the terms of the GNU Free Documentation License. (See Copyrights for details.)
Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a U.S. registered 501(c)(3) tax-deductible nonprofit charity.
About Wikipedia
Disclaimers