Certiology > Tech Terms > Network > Port Mirroring

Port Mirroring

Port Mirroring078 434 966

Port Mirroring is a method of copying and transferring network packets or network data from one place to another (from one port to another). It is a network monitoring technique used on switches.


How does port mirroring function? When network monitoring is activated via a security application or a network administrator, the data packets accessed from one specific port always get copied/transferred to the mirrored port or the destination port.

This destination port is a monitoring one and the security application or the network administrator can access this port and analyze the data that’s in it. In other words, the monitoring port is a part of the monitoring software.

The way a person could use port mirroring is that he would set up a port analyzer or a SPAN (switch port analyzer) which will process every segment of the original port. So, for example, the user is on one port and we’ll call this port the original one.

Whatever data he may access, while on the network, the data packets are being sent to the monitoring port (which is again, set up by the administrator). Then the port analyzer starts analyzing all the data that is coming from the original port, without interfering the user’s activities. Port Mirroring is very effective against malware attacks.