
Monitoring a switched environment

How does one use network monitoring tools with Ethernet switches instead of hubs? I am trying to use tools like tcpdump and snort. If WorkStation A is your monitoring station then it won't pick up traffic between WS B and WS C. It can pick up broadcasts and communications with WS A. So how do you monitor a switched environment?
Many switches have the option to allow port span. What is port span? The Switched Port Analyzer (SPAN) feature was introduced because, as you stated, once a switch learns a MAC address is on a particular port, traffic is forwarded directly to that individual port. This is unlike a hub, where all the ports see all the traffic.

I would suggest checking out the documentation for your make and model of switches to learn more about its implementation.
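
The forwarding behaviour described above, as an added example that is not part of the original answer: a simplified Python model of a hub, a learning switch, and the same switch with a SPAN-style mirror port. The port numbers, MAC addresses, frames and the `Switch` class are constructed for illustration and do not model any vendor's implementation.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"
MAC_B, MAC_C = "00:00:00:00:00:0b", "00:00:00:00:00:0c"  # constructed addresses

class Switch:
    """Toy learning switch with an optional SPAN-style mirror (hypothetical model)."""
    def __init__(self, ports, hub_mode=False):
        self.ports = set(ports)
        self.hub_mode = hub_mode          # True: behave like a hub, repeat everywhere
        self.mac_table = {}               # learned MAC address -> port
        self.span_sources = set()         # ports whose traffic is copied
        self.span_dest = None             # port the copies are sent to
        self.seen = defaultdict(list)     # port -> payloads delivered to it

    def mirror(self, sources, dest):
        self.span_sources, self.span_dest = set(sources), dest

    def send(self, in_port, src, dst, payload):
        self.mac_table[src] = in_port     # learn where the sender lives
        known = self.mac_table.get(dst)
        if self.hub_mode or dst == BROADCAST or known is None:
            out = self.ports - {in_port}  # flood to every other port
        else:
            out = {known} - {in_port}     # forward only to the learned port
        # SPAN: copy frames received on, or sent out of, a monitored port
        monitored = in_port in self.span_sources or bool(out & self.span_sources)
        if self.span_dest is not None and monitored:
            out = out | {self.span_dest}
        for port in out - {in_port}:
            self.seen[port].append(payload)

def monitor_view(switch):
    """WS A on port 1 (monitor), WS B on port 2, WS C on port 3."""
    switch.send(2, MAC_B, BROADCAST, "who-has C")  # broadcast from B
    switch.send(3, MAC_C, MAC_B, "reply")          # unicast C -> B
    switch.send(2, MAC_B, MAC_C, "data-1")         # unicast B -> C
    switch.send(3, MAC_C, MAC_B, "data-2")         # unicast C -> B
    return switch.seen[1]                          # what the sniffer on WS A captures

if __name__ == "__main__":
    print("hub:   ", monitor_view(Switch([1, 2, 3], hub_mode=True)))
    print("switch:", monitor_view(Switch([1, 2, 3])))
    spanned = Switch([1, 2, 3])
    spanned.mirror(sources=[2], dest=1)            # mirror WS B's port to WS A
    print("SPAN:  ", monitor_view(spanned))
```
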

This was last published in December 2002
