Question

A number of security devices can be placed at appropriate places in the network architecture to address certain level of security. In reference to this context, explain how a switch can be configured to monitor traffic flowing along its ports.

Answer 1

Q A number of security devices can be placed at appropriate places in the network architecture to address certain level of security. In reference to this context, explain how a switch can be configured to monitor traffic flowing along its ports.

Ans: Firstly let's know about the switch.As we all know that the switches are the building blocks of a network.It is also called the bridging hub,switching hub.In simple words we can say that the switch is a networking hardware that basically connects the multiple devices ( like servers, computers ,printers,wireless access points) in the same network.The switches allow us to connect the devices communicate with them and share the information.

The switches basically manage the flow of the data across the network by the  transmitting the  received network packet in one or more devices for which the network is basically planned.Every devices that are connected by the switch are basically identified by its network address, that allow the switch to direct the flow of the traffic that maximize the efficiency and the security of the network.

Types of the Network Switches:

1) Unmanaged Switch: This types of switches are basically used to achieve the basic connectivity without any configuration options or interface .This types of switches are mostly preferred in the small homes and offices environment or wherever need the few ports.

2) Managed Switch: This types of switches are also called the smart switches.This types of switches gives the user more  flexibility to configure the switches as they need.

Function of the switches:

• It eliminate the collisions.
• It has low latency.
• It is easy to install.
• It saves the cost.

How a switch can be configured to monitor traffic flowing along its ports:

As we know that the current commercial switches use primarily Ethernet interfaces.The main function of the Ethernet switch is basically provides the multi-port layer-2 bridging. Layer-2 network device is a multi-port device that basically uses the MAC address , hardware addresses for the processing and forward data at the data link layer (layer 2).The bridges basically learn the  MAC address for each connected device.And the bridges also buffer the  incoming packet and also adapt the transmission speed to the outgoing port.

To monitor the traffic it is difficult , that the bridge uses the switch this is because  the receiving ports and the sending ports can see the traffic.For the monitoring the traffic some methods are designed that basically allows the  network analyst to monitor traffic that include the following:

• SMON: It stands for the "Switch Monitoring". This is described by the  RFC 2613 , this is basically a protocol that control the facilities such as port mirroring.
• Port mirroring: In this the switch basically send a copy of network packets that monitor the network connection.
• RMON: It stands for the Remote network monitoring .This is the process of the monitoring the network traffic on the remote  Ethernet segment that detect the network issues like network collision,dropped packets and traffic congestion.
• sFlow: It stands for the sampled flow.It is basically the industry standard for packet export at the 2nd layer of the OSI model.It main purpose is that it monitor the network.

THANKS , i think this will give you a better intuition about your question. If you have any doubt feel free to ask in the comment section.