A network administrator needs to analyze all traffic from a specific server to troubleshoot a suspected application issue. The goal is to capture the full contents of every packet sent to and from the server's switch port without disrupting the server's connectivity. Which of the following technologies should the administrator use?
The best technology for this scenario is port mirroring. Port mirroring, also known as Switched Port Analyzer (SPAN), allows you to copy all network packets from a source port (or VLAN) to a destination port on the same switch. A packet analyzer can then be connected to the destination port to capture and analyze the traffic in detail without affecting the live network traffic on the source port. SNMP is used for collecting statistics and managing network devices, not for capturing full packet data. Flow data provides metadata about traffic (like source/destination IPs and volume) but not the packet content. Log aggregation is used for collecting and centralizing log files from various devices.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is port mirroring used for?
Open an interactive chat with Bash
How does port mirroring affect network performance?
Open an interactive chat with Bash
What is the difference between port mirroring and SPAN?