Problem solve Get help with specific problems with your technologies, process and projects.

Monitoring a switched environment

How does one use network monitoring tools with Ethernet switches instead of hubs. I am trying to use tools like...

tcpdump and snort. If WorkStation A is your monitoring station then it won't pick up traffic between WS B and WS C. It can pick up broadcasts and communications with WS A. So how do you monitor a switched environment? Many switches have the option to allow port span. What is port span? The Switched Port Analyzer Feature (SPAN) feature was introduced because, as you stated, once a switch learns a MAC address is on a particular port traffic is forwarded directly to that individual port. This is unlike a hub where all the ports see all the traffic.

I would suggest checking out the documentation for your make and model of switches to learn more about its implememtation.

This was last published in December 2002

Dig Deeper on LANs (Local Area Networks)

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.