Port monitoring

Answered Question
Sep 16th, 2009
User Badges:
  • Purple, 4500 points or more

Is there any possible way of a monitored port (source port) to stop forwarding traffic because either the destination port device was offline or crashed (like Wireshark)?


I need to set up port mirroring for Snort, but I don't know how much traffic I'm going to really see. If it overloads the box that I have it on, I don't want the source to stop sending traffic for any reason.


Thanks,

John

Correct Answer by rducombl about 7 years 9 months ago

Hi John,


I suppose you plan to use span on a cisco switch for that. In that scenario source span port will continue to operate normally

no matter whether span destination is up, is connected or is running. You may even set up port mirroring without any span destination it won't impact the traffic.


Roland

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
rducombl Wed, 09/16/2009 - 06:28
User Badges:
  • Cisco Employee,

Hi John,


I suppose you plan to use span on a cisco switch for that. In that scenario source span port will continue to operate normally

no matter whether span destination is up, is connected or is running. You may even set up port mirroring without any span destination it won't impact the traffic.


Roland

John Blakley Thu, 09/17/2009 - 06:22
User Badges:
  • Purple, 4500 points or more

Thanks Roland. It works good, and I had to bring the IDS down yesterday while monitoring was going on (just to test). Everything stayed up. :)


John

Actions

This Discussion