Web OS 10.0 Application Guide
Chapter 5: Secure Switch Management (page 113)
212777-A, February 2002

Port Mirroring

Port mirroring is implemented to enhance the security of your network. For example, an IDS server can be connected to the monitor port to detect intruders attacking the network.

The port mirroring feature in Web OS 10.0 allows you to attach a sniffer to a monitoring port that is configured to receive a copy of every single packet that is forwarded from the mirrored port. Web OS enables you to mirror port traffic for all layers (Layers 2-7).

As shown in Figure 5-2, port 5 is monitoring ingress traffic (traffic entering the switch) on port 1 and egress traffic (traffic leaving the switch) on port 3. You can attach a device to port 5 to monitor the traffic on ports 1 and 3.

Figure 5-2 Monitoring Ports
[Figure: switch front panel with the mirrored ports, the monitoring port, ingress traffic and egress traffic labeled]

Figure 5-2 shows two mirrored ports monitored by a single port. Similarly, you can have a single or groups of:

  - a mirrored port to a monitored port
  - many mirrored ports to one monitored port

Web OS 10.0 does not support a single port being monitored by multiple ports.

Packets are duplicated and sent to the mirrored ports after client or server port processing is completed. Data packets sent from a client to a virtual server are seen at the mirrored port as follows:

  source IP address = client IP address
  destination IP address = real server IP address (rather than the virtual server IP address)

Conversely, the response from the server to the client will be seen as follows:

  source IP address = virtual server IP address
  destination IP address = client IP address
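Because a request appears on the mirror with the real server IP address and its response with the virtual server IP address, a sensor on the monitoring port has to normalise both to one key before it can pair the two directions of a session. The following sketch is an added example, not part of the Web OS guide; the addresses, the `REAL_TO_VIP` table and the function names are hypothetical, and it assumes the service port is the same on the virtual and real servers.

```python
from collections import defaultdict

# Constructed mapping an analyst would copy from the switch configuration:
# real server IP -> virtual server IP (hypothetical addresses).
REAL_TO_VIP = {"10.1.1.11": "192.0.2.80", "10.1.1.12": "192.0.2.80"}
VIPS = set(REAL_TO_VIP.values())

# Constructed packets as captured on the monitoring port: (src, sport, dst, dport).
SAMPLE = [
    ("198.51.100.7", 40001, "10.1.1.11", 80),   # request, seen with real server IP
    ("192.0.2.80", 80, "198.51.100.7", 40001),  # response, seen with virtual server IP
    ("198.51.100.9", 40002, "10.1.1.12", 80),   # request with no response captured
    ("203.0.113.5", 53000, "10.9.9.9", 22),     # traffic unrelated to load balancing
]

def session_key(src, sport, dst, dport):
    """Return (key, direction) with the server side normalised to the VIP,
    or (None, None) when neither endpoint is a known real server or VIP."""
    if dst in REAL_TO_VIP:                       # client -> real server
        return (src, sport, REAL_TO_VIP[dst], dport), "request"
    if src in VIPS:                              # virtual server -> client
        return (dst, dport, src, sport), "response"
    return None, None

def correlate(packets):
    """Group mirrored packets into sessions keyed by (client, cport, vip, vport)."""
    sessions = defaultdict(lambda: {"request": 0, "response": 0, "real": None})
    unmatched = []
    for pkt in packets:
        key, direction = session_key(*pkt)
        if key is None:
            unmatched.append(pkt)
            continue
        sessions[key][direction] += 1
        if direction == "request":
            sessions[key]["real"] = pkt[2]       # remember which real server handled it
    return dict(sessions), unmatched

def one_sided(sessions):
    """Sessions seen in one direction only, e.g. when only ingress or only egress is mirrored."""
    return sorted(k for k, s in sessions.items() if not (s["request"] and s["response"]))

if __name__ == "__main__":
    sessions, unmatched = correlate(SAMPLE)
    for key, s in sessions.items():
        print(key, s)
    print("one-sided:", one_sided(sessions))
    print("unmatched:", unmatched)
```

One-sided sessions are expected when, as in Figure 5-2, only ingress is mirrored on one port and only egress on another, so they indicate a coverage gap in the mirror configuration rather than an alert by themselves.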