Packet Sniffing on a Switched Network

by Chris Sanders [Published on 18 Oct. 2007 / Last Updated on 18 Oct. 2007]

Packet sniffing is one of the best ways to analyze network problems. Unfortunately, doing this on a switched network can be a bit tricky.

In the old days when everyone used hub based networks, packet sniffing was as easy as plugging a laptop into a port on one of those hubs. Although more modern switched networks provide more efficiency and speed in moving network data they can be a headache for those of us analyzing packets on a network.

There are a couple different solutions to this problem but one of the more common ones is port mirroring. Port mirroring is a feature available on most managed switches that allows you to copy all of the traffic from one port to another. Doing this, you can choose the port you want to analyze the traffic from and copy it to the port your packet sniffer is plugged in to.

Port mirroring is usually done from the command line interface of a managed switched so be sure and read your switches documentation to find out exactly how it is implemented by that particular switch manufacturer.

***

Chris Sanders is a network consultant for KeeFORCE, one of the most popular network consulting firms in western Kentucky. Chris is the author of the book Practical Packet Analysis as well as several technical articles. His personal website at www.chrissanders.org contains a great deal of information, articles, and guides related to network administration, network security, packet analysis, and general information technology.

See Also

Featured Links