Packet Sniffing on a Switched Network
In the old days when everyone used hub based networks, packet sniffing was as easy as plugging a laptop into a port on one of those hubs. Although more modern switched networks provide more efficiency and speed in moving network data they can be a headache for those of us analyzing packets on a network.
There are a couple different solutions to this problem but one of the more common ones is port mirroring. Port mirroring is a feature available on most managed switches that allows you to copy all of the traffic from one port to another. Doing this, you can choose the port you want to analyze the traffic from and copy it to the port your packet sniffer is plugged in to.
Port mirroring is usually done from the command line interface of a managed switched so be sure and read your switches documentation to find out exactly how it is implemented by that particular switch manufacturer.
Chris Sanders is a network consultant for KeeFORCE, one of the most popular network consulting firms in western Kentucky. Chris is the author of the book Practical Packet Analysis as well as several technical articles. His personal website at www.chrissanders.org contains a great deal of information, articles, and guides related to network administration, network security, packet analysis, and general information technology.