What Is Port Mirroring?
Please note: this is legacy documentation. Please check out https://docs.miarec.com/all/ for the most up-to-date documentation and user guides.
Port Mirroring, also known as SPAN (Switched Port Analyzer), is a method of monitoring network traffic. With port mirroring enabled, the switch sends a copy of all network packets seen on one port (or an entire VLAN) to another port, where the packet can be analyzed. Port Mirroring function is supported by almost all enterprise-class switches (managed switches).
The Port Mirroring function is best described when comparing a regular switch and a switch with port mirroring support.
Here, you see network the traffic sent between computers A and B.
The MAC table in the memory of the switch contains information on which port is connected to a particular computer.
Switch knows that:
- Port #1 (first on the left) is not connected.
- Port #2 is connected to A
- Port #3 is connected to B
- Port #4 is connected to C
- Port #5 is connected to D
When the switch receives a packet from A to B, it routers this packet to port #3 (because B is on port #3).
Other computers (C and D) do not see this network traffic. It is hidden from them.
Conclusion: With a regular switch the network traffic is visible only to computers, which directly participate in a communication. Other computers do not see the traffic, which is not destined for them.
Switch With Port Mirroring
In Figure 2 you see a similar scenario: the network traffic is sent between computers A and B.
But there is a small difference: this switch supports port mirroring function. And administrator has configured the switch to mirror to computer D all network packets, which are transmitted between computers A and B.
Computer D is a listener to the traffic. Computer D can be used for network logging or call recording if we have IP phones instead of computers A and B .
Conclusion: Port mirroring allows a particular computer to see the network traffic, which is normally hidden from it.
How Port Mirroring function is used for VoIP call recording?
The image below illustrates the usual configuration of the network, which enables call recording.
In this example, one of the IP Phones makes a call to a remote phone outside of the local network (whether it is an analog phone, cellular, or another IP Phone). Network traffic from IP Phones goes through a network switch with port mirroring. The switch sends to MiaRec a copy of every network packet, sent or received by IP Phone. By using intelligent packet capturing technology, MiaRec detects VoIP-related packets inside the network traffic, decodes them, and saves audio on a disk.