[CentOS] What about port mirroring? (Was: Switch to measure traffic at IP level)

John R Pierce pierce at hogranch.com
Fri Oct 23 17:26:17 UTC 2009

Neil Aggarwal wrote:
> Hello everyone:
> I was just reading an ntop guide and it mentioned
> many switches have port mirroring.
> According to what I am reading, the Cisco I am using
> will copy all traffic to the mirror port.  Then,
> I can monitor what is going on from there.
> That seems like a good way to do this.
> Are there any pitfalls with this approach?

yeah, a 1gig port can't handle all the traffic from N 1gig ports.  heck, 
ti can't even handle all the traffic from a single full duplex connection

btw, someone mentioned NTOP... I played with this and found it can 
consume a LOT of cpu calculating statistics on the fly.

More information about the CentOS mailing list