Javvin Packet Analyzer User's Manual

Overview

Professional and enterprise

Version and upgrade

Install and Uninstall

Installation Environment

Get Started to Use

Create a Project and Capture Traffic

Select Capture Sources

Use Menu bar

Use Toolbar

Use Context menus

Use Start Page

Use Dock windows

Understand and Use Tab views

Choose System Options

Restart Capture and Do Automatic Capture

Project settings

HManage Data

Understand Statistics

Manage Filters

Use Command Line to Operate the Analyzer

Do TCP session Reconstruction Using Packet Analyzer

Set and Use Name Table

Manage Logs

Decode Packets

Customize User Interface

Optimize the Performance of the Analyzer

free download Free to try

Order Packet Analyzer Buy Now

Switch and port monitoring

Switch is a network exchange facility operating at the data link layer (layer 2) and sometimes the network layer (layer 3) of the OSI Reference Model. Classified by working protocols, there are two-layer switch, three-layer switch, four-layer switch and multiple-layer switch. Switch also can be classified into managed switch and unmanaged switch.

Generally, three-layer switch and above has management function (managed switch).

Unlike hubs, switches prevent promiscuous sniffing. In a switched network environment, Javvin Packet Analyzer (or any other packet analyzer) is limited to capturing broadcast and multicast packets and the traffic sent or received by the PC on which it is running.

However, most modern switches (management switches) support "port mirroring", which is a feature that allows you to configure the switch to redirect the traffic that occurs on some or all ports to a designated monitoring port on the switch. With this feature, you can monitor the entire LAN segment in switched network environment. Please refer to the documentation coming with your switch for the availability information about this feature and configuration instructions.

If your switch dose not support "port mirroring", you can install Javvin Packet Analyzer on a workstation connected to the same hub as your Internet gateway, or on your Internet gateway (if acceptable), thus you can monitor all network traffic between your intranet and the Internet.

A list of some managed switches (with port monitoring/spanning) which are commonly used is available on our website.

Configuring a switch

Javvin Packet Analyzer should be installed on the host/server connected with the switch’s mirror port (span port).

Mirror port configuration:

  • Mirror the way out port to the management port (mirror port), in this way the entire data transmitted into/out of LAN can be monitored.
  • Mirror all way out ports to the management port (mirror port), in this way not only the entire data transmitted into/out of LAN but also the communication among hosts in LAN can be monitored. (Recommend)

Note: Different brands' switches may apply different mirror port configurations, please refer to the instructions coming with your switch.

The following are two examples for CISCO switch using the "monitor" command in configuration mode:

Format:

#monitor session number source interface mod_number/port_number
#monitor session number destination interface mod_number/port_number

Examples:

  • Mirror session 1: mirror port 1-10 to port 12
    #monitor session 1 source interface 1/1-10
    #monitor session 1 destination interface 1/12
  • Mirror session 2: mirror port 13-20 to port 24
    #monitor session 2 source interface 2/13-20
    #monitor session 2 destination interface 2/24
Change the corresponding parameters when there are multiple mirror sessions or modules.