Q
Problem solve Get help with specific problems with your technologies, process and projects.

Monitoring a switched environment

How does one use network monitoring tools with Ethernet switches instead of hubs. I am trying to use tools like tcpdump and snort. If WorkStation A is your monitoring station then it won't pick up traffic between WS B and WS C. It can pick up broadcasts and communications with WS A. So how do you monitor a switched environment?
Many switches have the option to allow port span. What is port span? The Switched Port Analyzer Feature (SPAN) feature was introduced because, as you stated, once a switch learns a MAC address is on a particular port traffic is forwarded directly to that individual port. This is unlike a hub where all the ports see all the traffic.

I would suggest checking out the documentation for your make and model of switches to learn more about its implememtation.

This was last published in December 2002

Dig Deeper on Network management and monitoring

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchUnifiedCommunications

SearchMobileComputing

SearchDataCenter

SearchITChannel

Close