Port mirroring (roving analysis port)
Port mirroring is an approach to monitoring network traffic that involves forwarding a copy of each packet from one network switch port to another.
Port mirroring enables the administrator to keep close track of switch performance by placing a protocol analyzer on the port that's receiving the mirrored data. Port mirroring is a generic term. Various switch manufacturers each have their own names for the technology. For example, Cisco calls port monitoring SPAN, which stands for Switched Port Analyzer.
An administrator configures port mirroring by assigning a port from which to copy all packets and another port to which those packets will be sent. A packet bound for -- or heading away from -- the first port will be forwarded to the second port as well. The administrator must then place a protocol analyzer on the port that's receiving the mirrored data to monitor each segment separately. The analyzer sometimes called a sniffer or packet sniffer captures and evaluates the data without affecting the client on the original port.
Network administrators can use port mirroring as a diagnostic or debugging tool. Although port mirroring can consume significant CPU resources while active, it can be especially useful when fending off an attack.