analyzing network protocols has become more convenient

home ” software

ProLAN has developed ProMirroring technology, which simplifies the use of any network protocol analyzer in a switched network. The technology is supported by all products of the SLA-ON family, including the free QuTester+ program, and can be effectively used in switched networks based on equipment from Zyxel, 3Com, Allied Telesis, Cisco Systems and others.

 

Today network protocol analyzers are effectively used by IT departments and information security departments to solve a wide range of tasks. With their help, you can quickly determine the reason for the slow operation of an IT service or business application. They allow you to document the network activity of users and use the data obtained, for example, to determine the source of information leakage. They can be used to monitor compliance with the Service level Agreement (SLA) by network service providers. The only “fly in the ointment” is the inconvenience of using them in switched networks. The fact is that the protocol analyzer should “see” all the analyzed traffic, while in a switched network, traffic between two ports of the switch is “invisible” on its other ports.

There are two possible ways to solve this problem. The first is to use TAP (Test Access Point). This is a special device (multiplexer) that is installed in a communication channel gap and copies network traffic to the protocol analyzer. The second method is “mirroring” the switch port (port mirroring, roving analysis), which allows you to copy traffic from one port to another “inside the switch”. The first method has many advantages and only one drawback – high cost (at least $ 750.) The second method is supported by most high-end switches, but has technical limitations and is inconvenient to use.

There are three main inconveniences. First, the mirroring process is a lengthy procedure (you need to run a terminal program, SSH client or web browser, enter the menu, find the desired section, select the desired ports, etc.). Second, each network equipment manufacturer offers its own sequence of actions that must be performed to mirror the switch port. Third, there are no standard methods that make it easy to determine which port of the switch is connected to the computer whose traffic needs to be analyzed.

The company ProLAN offers ProMirroring technology, which allows you to eliminate all these inconveniences. The essence of the proposed technology is as follows. The network administrator, using the SLA-ON Operations program (which is part of all products of the SLA-ON family, including the free QuTester+ program), selects the computer on the network map whose traffic he wants to analyze. After that, it specifies the model of the switch to which this computer is connected, and the port to which the network protocol analyzer is connected. After that, the SLA-ON Operations program automatically determines which port of the switch this computer is connected to and automatically executes a set of instructions corresponding to the selected switch model. The process of port mirroring using ProMirroring technology takes no more than 5 seconds and is identical for all supported switches.

Currently, ProMirroring technology supports Zyxel, 3Com, Allied Telesis, Cisco Systems and others switches.

ProMirroring technology can be used with any protocol analyzers. However, the greatest effect is achieved when it is used in conjunction with the Network Instruments’ Observer protocol analyzer, which transparently integrates with the SLA-ON Operations program. This makes it possible not only to mirror ports directly from the SLA-ON Operations program, but also to automatically install filters (Filter Setup) and capture network packets (Packet capture).