Technology
Published in Park Foreman, Vulnerability Management, 2019
Port mirroring, also called a switched port analyzer (SPAN) by Cisco, is a very commonly available technology in modern network switches. Figure 4.3 explains how SPAN works. This is a basic SPAN configuration where the contents of a pair of virtual local area networks (VLANs) are copied to a physical port on the switch. The network administrator has the option of specifying ingress traffic only, egress traffic only, or both ingress and egress traffic; typically, both are desirable so that the analyzer can see each side of the conversation. There are complications and limitations to the SPAN function that will vary by model, brand, and features installed on the switch. Some simple switches can only copy traffic that is coming in via a physical port and not off the backplane of the switch. Some can see traffic on a single VLAN, and others can look at trunked VLANs.
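An added example, not taken from the book excerpt above: a check that can be run on packets captured from the mirror port to confirm that the SPAN session delivers both sides of each conversation. The packet-record layout, the function names and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

def pkt(src, sport, dst, dport, proto="tcp"):
    """Build one packet record (hypothetical layout, e.g. parsed from a capture)."""
    return {"src": src, "sport": sport, "dst": dst, "dport": dport, "proto": proto}

def tcp_flow_directions(packets):
    """Map each TCP conversation to the set of directions seen for it."""
    seen = defaultdict(set)
    for p in packets:
        if p["proto"] != "tcp":
            continue  # UDP may be legitimately one-way (syslog, multicast)
        src, dst = (p["src"], p["sport"]), (p["dst"], p["dport"])
        a, b = sorted([src, dst])      # same key for both directions
        seen[(a, b)].add(src == a)     # True: a -> b, False: b -> a
    return seen

def one_sided_tcp_flows(packets):
    """Conversations where the mirror port delivered only one direction."""
    return sorted(k for k, d in tcp_flow_directions(packets).items() if len(d) == 1)

def mirror_summary(packets):
    """Return (tcp_conversations, one_sided_conversations)."""
    return len(tcp_flow_directions(packets)), len(one_sided_tcp_flows(packets))

# Constructed samples (documentation address ranges), not real captures.
BOTH = [
    pkt("192.0.2.10", 51000, "198.51.100.5", 443),
    pkt("198.51.100.5", 443, "192.0.2.10", 51000),
    pkt("192.0.2.11", 51001, "198.51.100.5", 22),
    pkt("198.51.100.5", 22, "192.0.2.11", 51001),
    pkt("192.0.2.10", 514, "198.51.100.9", 514, proto="udp"),
]
INGRESS_ONLY = [p for p in BOTH if p["src"].startswith("192.0.2.")]

if __name__ == "__main__":
    for name, sample in (("both", BOTH), ("ingress only", INGRESS_ONLY)):
        total, one_sided = mirror_summary(sample)
        print(f"{name}: {one_sided}/{total} TCP conversations one-sided")
        for a, b in one_sided_tcp_flows(sample):
            print(f"  only one direction seen: {a} <-> {b}")
```

When most TCP conversations show up one-sided, the mirror session is probably copying only ingress or only egress traffic, or the return path does not cross the mirrored VLANs.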
Troubleshooting
Published in Steve Church, Skip Pizzi, Audio Over IP, 2012
Sniffers are software applications that run on PCs, which can listen in on the packets flowing on an Ethernet link. High-end Ethernet switches include a port-mirroring function that lets you designate a monitoring port that mirrors (copies) traffic on any other port you select. The PC running the sniffer connects to the monitoring port.
FPGA based Industrial Ethernet Network Analyser for Real-time Systems Providing Openness for Industry 4.0
Published in Enterprise Information Systems, 2022
Jacek Stój, Adam Ziębiński, Rafał Cupek
Hubs used to be the implementation of choice to realise network sniffing. Nowadays, port mirroring is applicable together with popular packet sniffing tools like Wireshark or Tcpdump (Cupek et al. 2019). That solution, however, in some cases cannot be accepted. In systems where topology is configured and monitored by industrial controllers, the addition of another network device, like a managed Ethernet switch with port mirroring, may not be possible. Moreover, there may be some other restrictions to the switch application. For example, when considering the Profinet IRT industrial Ethernet communication protocol (Goyal and Goyal 2017), there are no switches that provide both the isochronous IRT real-time communication class and port mirroring function. Another thing is that from the point of view of industrial real-time systems, another device influences the temporal characteristic of the network by introducing an additional delay in the data exchange. It is a crucial aspect in real-time systems where data transfer has to be performed within strict time limits (‘Network delay analysis of EtherCAT and PROFINET IRT protocols – IEEE Conference Publication’ 2020).