Port Mirroring, also known as SPAN (Switched Port Analyzer), is a method of monitoring network traffic. With port mirroring enabled, the switch sends a copy of all network packets seen on one port (or an entire VLAN) to another port, where the packet can be analyzed.
Port Mirroring features, which is supported in nearly all enterprise class switches (managed switches), allows other computers to see a network traffic which is not visible to them in general case.
Managed switches have a configuration interface (web-based or command-line console), which administrators may use to specify the source port(s) to be mirrored and the destination port, where copy of all packets will be forwarded.
Below pictures illustrate how port mirroring feature works.
Four computers (A, B, C and D) are shown on this example. On picture 1 they are connected to a managed switch with port mirroring support, while on picture 2 they are connected to a general switch without port mirroring support.
A network traffic is sent between computers A and B (one portion of data is sent from A to B and another portion is sent in reverse direction from B to A).
On picture 2 you will see how a general unmanaged switch works.
It forwards packets directly between ports, where computers A and B are connected to.
Other computers (C and D) do not see these packets.
On picture 1 you will see the same scenario, but on the switch with port mirroring function.
The network traffic is sent again between computers A and B.
But there is a computer D, which is listening (monitoring) to that traffic.
Every packet, which is sent or received by computer A is duplicated (mirrored) to computer D port.
When configuring port mirroring on the switch, the "source monitoring port" is a port, where computer A is connected to and the "destination analysis port" is a port, where computer D is connected to.
Picture 1. Managed Switch with Port Mirroring | Picture 2. General Switch |
How Port Mirroring function can be used for recording voip calls?
MiaRec leverages port mirroring capability of a network switch to accomplish "unobtrusive" recording of voip calls.
The switch forwards to MiaRec server a copy of every network packet sent or received by IP phones.
Below picture illustrates how the network should be configured to allow a recording of calls.
In this example, one of IP Phones makes a call to a remote phone outside of the local network (whether it is analog phone, cellular or IP Phone).
The network traffic from IP Phone goes through a switch and then to IP PBX.
MiaRec server receives a copy of every network packet, which is sent or received by IP Phone.
By using intelligent packet capturing technology, MiaRec can detect Voip-related packets inside the network traffic, decode them and save audio part on a disk.
Read also:
- A list of Switches with Port Mirroring support
- What is a HUB?
- How to configure Port Mirroring for call recording in different scenarios