In a network, is not only important to monitor server performance, it is equally important to control devices such as switches and routers. The exhibition in this article will focus primarily switches, but similar techniques can be applied to other types of network hardware.
The problem of switch
When controlling the use of hardware, switches present a special problem. In the normal method for measuring the use of a network, a sniffer monitors data packets as they flow through the network. If the nodes are connected by a hub, you can put a sniffer on a port empty on that hub and monitor all traffic passing through it. This is because all nodes included one part of the hub share a common collision domain. When a node transmits a data packet, that packet is sent through the hub ports and is received by each device connected to the hub itself.
The switches, however, are designed to isolate the gates. When a data packet through a port on a switch, that packet is sent only to the port where the destination device is connected. A switch provides more performance than a hub so you do not have to worry about collisions. But at the same time, this means you can not insert an empty port sniffer and monitor all traffic through that switch. This makes controlling the use of a switch particularly insidious.
Another factor that makes difficult the monitoring of a switch is that there is no real standard for its design. In its products, each vendor develops a different feature set. Consequently, a control technique that adapts well to a Cisco switch could not operate on a device 3Com.
Port Mirroring
Most high-end switches made in recent years support a feature called port mirroring. The idea behind this technique is that you can do on a particular port mirroring monitoring traffic going through any door. Port mirroring is a generic term and the various switch suppliers have given their names to such technology. For example, Cisco calls the port mirroring Span, which stands for Switched Port Analyzer
Port mirroring is not usually enabled by default. It is usually an administrator to choose which ports should be controlled. The switches use Cisco CatOS, which allows the administrator to configure devices through an interface through command line (some switches also provide a graphical interface). For example, if an administrator wants to control ports 1, 2 and 3 and 6 would have the port as destination port, you may use the following commands:
Monitor session 1 source interface fastethernet 0 / 1 0 / 2, 0 / 3
Monitor session 1 destination interface fastethernet 0 / 6
Note that these commands only enable port mirroring. You still have to put a sniffer in the control port and interpret the data it collects. It is worth noting that not all sniffers are designed the same way: some have no analytical skills. The best solution is probably trying to monitor an application specifically designed to control the switches. The software can control the level of traffic flowing through a switch and comparison with threshold values. If a threshold is exceeded, you can configure the application to face off an alarm.