Network Port Monitoring by Anthony Sequeira

For troubleshooting purposes, you might want to analyze packets flowing over a network. To capture packets (that is, store copies of packets on a local hard drive) for analysis, you could attach a network sniffer to a hub. Because a hub sends bits received on one port out all other ports, the attached network sniffer sees all traffic entering the hub.

Several standalone network sniffers are available. However, a low-cost way to perform packet capture and analysis is to use software such as wireshark, as shown in Figure 11_21.

A challenge arises, however, if you connect a network sniffer (for example, a laptop running the Wireshark software) to a switch port rather than to a hub port. Because a switch, by design, forwards frames out ports containing the frames' destination addresses, a network sniffer attached to one port would not see traffic destined for a device connected to a different port.

For example, in Figure 11-22, traffic enters a switch on port 1 and, based on the destination MAC address, exits via port 2. However, a network sniffer is connected to port 3 and is unable to see (and therefore capture) the traffic flowing between port 1 and 2.

Fortunately, some switches support a port mirroring feature, which makes a copy of traffic seen on one port and sends that duplicated traffic out another port (to which a network sniffer could be attached). As shown in Figure 11-23, this switch is configured to mirror traffic on port 2 to port 3, allowing a network sniffer to capture the packets that need to be analyzed. Depending on the switch, locally captured traffic could be forwarded to a remote destination for centralized analysis of that traffic.

About The Author

Anthony Sequeira, CCIE No. 15626, is a Cisco Certified Systems Instructor (CCSI) and author regarding all levels and tracks of Cisco Certification. Anthony formally began his career in the information technology industry in 1994 with IBM in Tampa, Florida. He quickly formed his own computer consultancy, Computer Solutions, and then discovered his true passion-teaching and writing about Microsoft and Cisco technologies. Anthony joined Mastering Computers in 1996 and lectured to massive audiences around the world about the latest in computer technologies. Mastering Computers became the revolutionary online training company, KnowledgeNet, and Anthony trained there for many years. Anthony is currently pursuing his second CCIE in the area of Security and is a full-time instructor for the next-generation of KnowledgeNet, Anthony is also a VMware Certified Professional.

CompTIA Network+ N10-008 Cert Guide contains proven study features that allow you to succeed on the exam the first time. Expert instructor Anthony Sequeira shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills, essential for successful completion of the performance-based testing items on the exam. This complete, CompTIA-approved study package includes the following:

A test-preparation routine proven to help you pass the exams
Clearly defined chapter learning objectives covering all N10-008 exam topics
Chapter-ending review questions and exam preparation exercises, which help you drill on key concepts you must know thoroughly
The powerful Pearson Test Prep practice test software, complete with hundreds of well-reviewed, exam-realistic questions, customization options, and detailed performance reports
40 performance-based exercises to help you prepare for the hands-on exam questions
A free copy of the CompTIA Network+ N10-008 Simulator Lite software, complete with meaningful lab exercises that enhance your hands-on skills
More than 60 minutes of video mentoring
A final preparation chapter that guides you through tools and resources to help you craft your review and test taking strategies
An Exam Essentials appendix that quickly recaps all major chapter topics for easy reference, both in print and interactive digital format
A key terms Glossary in both print and on the companion website, which acts as an interactive flash-card application
Study plan suggestions and templates to help you organize and optimize your study time
A 10% exam discount voucher (a $33+ value!)

Well regarded for its level of detail, study plans, assessment features, challenging review questions and exercises, video instruction, and hands-on labs, this approved study guide helps you master the concepts and techniques that ensure your exam success.

Master the topics on the CompTIA Network+ N10-008 exam, including:

Network topologies and media types
IP addressing
Network services
Data center architectures and cloud concepts
Routing, Ethernet switching, and wireless networking
Network availability and disaster recovery
Network security
Remote access
Network troubleshooting

Reader Paulo Cardoso says, "This is a great book. In addition, it comes with great additional resources."

Learn more about the CompTIA Network+ N10-008 Cert Guide at

Learn more at

More Network Troubleshooting and Support Articles:
• What is Structured Cabling for LANs (Local Area Networks)?
• Network Troubleshooting Basics
• Network Topology Diagram
• Disaster Recovery Planning and Network Services Continuity
• Network Cabling Do's and Don'ts
• Network Cabling Design
• Building the Backbone Network
• Structured Network Troubleshooting Methodology Step 3 Test the Theory to Determine the Cause
• How to Choose Work Area Network Cable Faceplate Locations
• Network Management Components - The Basics of an Effective Management Strategy