[CentOS] What about port mirroring? (Was: Switch to measure traffic at IP level)
John R Pierce
pierce at hogranch.com
Fri Oct 23 17:26:17 UTC 2009
Neil Aggarwal wrote:
> Hello everyone:
> I was just reading an ntop guide and it mentioned
> many switches have port mirroring.
> According to what I am reading, the Cisco I am using
> will copy all traffic to the mirror port. Then,
> I can monitor what is going on from there.
> That seems like a good way to do this.
> Are there any pitfalls with this approach?
yeah, a 1gig port can't handle all the traffic from N 1gig ports. heck,
it can't even handle all the traffic from a single full duplex connection.

btw, someone mentioned NTOP... I played with this and found it can
consume a LOT of cpu calculating statistics on the fly.