[CentOS] What about port mirroring? (Was: Switch to measure traffic at IP level)

Fri Oct 23 16:26:17 UTC 2009
John R Pierce <pierce at hogranch.com>

Neil Aggarwal wrote:
> Hello everyone:
>
> I was just reading an ntop guide and it mentioned
> many switches have port mirroring.
>
> According to what I am reading, the Cisco I am using
> will copy all traffic to the mirror port.  Then,
> I can monitor what is going on from there.
>
> That seems like a good way to do this.
>
> Are there any pitfalls with this approach?
>   

yeah, a 1gig port can't handle all the traffic from N 1gig ports.  heck, 
it can't even handle all the traffic from a single full duplex connection

btw, someone mentioned NTOP... I played with this and found it can 
consume a LOT of cpu calculating statistics on the fly.