Menu
What's new
By:
Filters Better Search

Ethernet switches and traffic monitoring

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

R

rahlquist

Occasional Visitor
Ok, my networking knowledge is not extensive but more than Joe average (at least in my age range). Back in 94 I was on my way to being a network admin till I was knocked off course to Systems Admin and a couple years later to software developer. I have a question about Ethernet switches. I understand the basic principals, they are smarter than a hub which takes every packet in and blasts it out over every connection. Instead a switch maps by mac address and if a packet is destined for mac 08:01:0c:ff:fa:02 and that mac is on connection 2 then it only sends the data there if I understand correctly(keeping it simple no vlans etc).

My question is this. Due to the nature of this mac based 'routing' is there anyway while using an etherswitch to monitor all of the traffic passing on a etherswitch backbone?
 
What level of monitoring are you looking for? You can monitor every packet on a port by setting up port mirroring on a semi-managed/managed switch, but then you'll need something hooked up to the port accepting the mirrored traffic to look at what is coming through.

This can be very useful for diagnostics.

Most semi-managed/managed switches have admin consoles that will allow basic levels of port monitoring, such as total packets/data passed through the port and some will allow you to see destination port for the traffic.

I am not as familar with L3 switches, they might allow a bit more IP level detail for network monitoring.

Generally things like stateful packet inspection and DPI require a router to the best of my knowledge.
 
rahlquist said:
Ok, my networking knowledge is not extensive but more than Joe average (at least in my age range). Back in 94 I was on my way to being a network admin till I was knocked off course to Systems Admin and a couple years later to software developer. I have a question about Ethernet switches. I understand the basic principals, they are smarter than a hub which takes every packet in and blasts it out over every connection. Instead a switch maps by mac address and if a packet is destined for mac 08:01:0c:ff:fa:02 and that mac is on connection 2 then it only sends the data there if I understand correctly(keeping it simple no vlans etc).

My question is this. Due to the nature of this mac based 'routing' is there anyway while using an etherswitch to monitor all of the traffic passing on a etherswitch backbone?
Click to expand...

for the OP... the managed or lightly managed switches can copy or eavesdrop packets on, say, port #3 to appear on, say, port #1. At your choice. Then on port #1 there's a PC. On the PC could be freeware like "wireshark.org" that, with expertise, can reveal all detail. Omitting that, some lightly or full managed switches show stats like packet traffic rates, etc.

The venerable Netgear GS108E (the E suffix is needed) is an example of a lightly managed switch (cheap by comparison to fully managed). I have one - I used it once in a while in my job work. Not otherwise needed.
http://www.amazon.com/dp/B0048U3FMS/?tag=snbforums-20


FYI
An ethernet hub (long extinct) duplicates traffic on port n to ALL other ports.
An ethernet switch (commonplace) moves traffic from one port ONLY to the port needed to continue the flow to the final addressed computer/device. That's why it's called a switch, not a hub.
Backbone isn't a term used with local area networks.
 
Last edited:
@azazel1024 was looking for full data. For trying to trap problems or errors.

@stevech thank you for that tip on the device that will make it much easier.

My (mis)use of backbone should have been backplane and is from the early days of Ethernet switching, I picked it up when the company I was working at bought a pair of Kalpana switches. At the time they rated what the internal backplane of the switch could handle. So it was a case of me using the wrong term.
 
Most semi-managed or fully managed switches should be able to do what you are asking. I say most only because I have heard of one or two examples were port mirroring wasn't working fully on a switch, despite the functionality supposedly being there.

Its always worked on any switch I've tried that had the functionality (all semi-managed and fully managed L2 switches I've used).
 
You must log in or register to reply here.

Similar threads

H
Securing iot devices with limitations and limited budget, well try maintain flexibility.
Replies
2
Views
1K
jasonreg
J
drinkingbird
Tutorial Repeaters vs Bridges vs Routers
Replies
3
Views
1K
sfx2000
sfx2000
A
System log and modem both going nuts
Replies
3
Views
1K
sfx2000
sfx2000
D
Sky-Q connected via Ethernet fails every 30 seconds with Asuswrt-Merlin
Replies
1
Views
2K
JDB
J
L
Tagged VLAN ping router but no internet
Replies
3
Views
2K
law1213
L
Similar threads
Thread starter Title Forum Replies Date
ptd18b Why is the ethernet speed on my phone faster than my laptop when they are plugged into the same network with the same cable? Other LAN and WAN 17
ruimarto SOHO network upgrade: XT9 vs XT12 vs DECO vs switches Other LAN and WAN 2

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Members online

Total: 556 (members: 20, guests: 536)
Top