Port monitoring

Answered Question
Sep 16th, 2009

Is there any possible way of a monitored port (source port) to stop forwarding traffic because either the destination port device was offline or crashed (like Wireshark)?

I need to set up port mirroring for Snort, but I don't know how much traffic I'm going to really see. If it overloads the box that I have it on, I don't want the source to stop sending traffic for any reason.

Thanks,

John

Correct Answer
rducombl Wed, 09/16/2009 - 06:28

Hi John,

I suppose you plan to use SPAN on a Cisco switch for that. In that scenario the source SPAN port will continue to operate normally no matter whether the SPAN destination is up, is connected or is running. You may even set up port mirroring without any SPAN destination; it won't impact the traffic.

Roland
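
A local SPAN session of the kind discussed in this thread, added here as an illustration and not posted by either participant. The session number and interface names are assumptions, and the syntax is Catalyst IOS, entered in global configuration mode.

```cisco
! Constructed example: session number 1 and both interface names are assumptions.
! Mirror received and transmitted traffic of the monitored (source) port.
monitor session 1 source interface GigabitEthernet0/1 both
! Send the copies to the port where the Snort sensor is attached.
monitor session 1 destination interface GigabitEthernet0/24
!
! From privileged EXEC, list the session's source and destination ports:
! show monitor session 1
```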

John Blakley Thu, 09/17/2009 - 06:22

Thanks Roland. It works good, and I had to bring the IDS down yesterday while monitoring was going on (just to test). Everything stayed up. :)

John
