Port mirroring
Port mirroring definition
Port mirroring is a technique that copies and sends network packets from one port to another. More specifically, port mirroring is used in network monitoring. All the traffic on one switch port is forwarded to another port that monitors and detects intrusion attempts, analyzes traffic, troubleshoots errors, and so on.
Network administrators configure port mirroring at the network switch or security application that monitors the network. Port mirroring helps admins detect problems before they escalate and develop solutions to resolve any network issue or vulnerability quickly. Port mirroring is used in local area networks (LANs), wireless local area networks (WLANs), and virtual local area networks (VLANs).
See also: network port, packet-switched network
Common port mirroring mistakes
- Incorrect port mirroring configuration can cause the network to experience additional issues.
- If the monitoring port has limited bandwidth, it can result in network packets dropping, meaning that the network traffic cannot be analyzed thoroughly.
- Overwhelming the monitoring port with too many mirrored ports and traffic can lead to performance issues.
- Selecting the wrong mirrored port for monitoring can cause administrators to overlook vital network traffic.
- Focusing on monitoring irrelevant traffic can result in wasting resources on analyzing data that will not provide helpful feedback on your network.