For any network sniffer (analyzer) or Network Intrusion Detection Systems to work, the concept that is applied behind the scenes is 'Network Port Mirroring'.
Port mirroring is needed for traffic analysis on a switch because a switch normally sends packets only to the port to which the destination device is connected. Hence most switches support configuring a 'port mirroring' to send a copy of each network packet to an other port (local port or a separate VLAN port).
The following links are worth a perusal.
http://searchnetworking.techtarget.com/definition/port-mirroring
https://www.juniper.net/techpubs/en_US/junos12.2/topics/concept/port-mirroring-qfx-series-understanding.html
Port mirroring is needed for traffic analysis on a switch because a switch normally sends packets only to the port to which the destination device is connected. Hence most switches support configuring a 'port mirroring' to send a copy of each network packet to an other port (local port or a separate VLAN port).
The following links are worth a perusal.
http://searchnetworking.techtarget.com/definition/port-mirroring
https://www.juniper.net/techpubs/en_US/junos12.2/topics/concept/port-mirroring-qfx-series-understanding.html
No comments:
Post a Comment