What is Port Mirroring?

Port Mirroring, also known as SPAN (Switched Port Analyzer), is a method of monitoring network traffic. With port mirroring enabled, the switch sends a copy of all network packets seen on one or more ports to another port, where the packets can be analyzed.

Port Mirroring, which is supported in nearly all enterprise class switches (managed switches), lets other computers see network traffic that would not normally be visible to them. Managed switches have a configuration interface (web-based or command-line console), which administrators may use to specify the source port(s) to be mirrored and the destination port, where a copy of all packets will be forwarded.

The example below illustrates how port mirroring works.

Four computers are shown in this example. Figure 1 shows how they are connected to a general switch without port mirroring, while figure 2 shows how they are connected to a managed switch with port mirroring support.

In figure 1 you will see how a general unmanaged switch works. It forwards packets directly between the ports where computers A and B are connected. The other computers (C and D) do not see these packets.

In figure 2 you will see the same scenario with the addition of Port Mirroring. The network traffic is again sent between Computers A and B, but this time Computer D is listening to (monitoring) that traffic. Every packet that is sent or received by Computer A is duplicated (mirrored) to Computer D's port. When configuring port mirroring on the switch, the "source monitoring port" is the port where Computer A is connected and the "destination analysis port" is the port where Computer D is connected.

           

Figure 1: switch without port mirroring
Figure 2: managed switch with port mirroring
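
The two figures can also be reproduced in a small Python model, added here as an illustration and not part of the original page. It shows which frames each computer receives with and without a mirror session. The port numbers, the sample frames and the names `Switch` and `frames_seen` are assumptions made for the example.

```python
# Constructed topology: computer name -> switch port (port numbers are assumptions).
PORT_OF = {"A": 1, "B": 2, "C": 3, "D": 4}

# Constructed sample traffic: (sender, receiver, payload).
TRAFFIC = [("A", "B", "request"), ("B", "A", "reply"), ("B", "C", "unrelated")]


class Switch:
    """Simplified switch that already knows which computer is on which port."""

    def __init__(self, port_of, mirror_sources=(), mirror_dest=None):
        self.port_of = port_of
        self.mirror_sources = set(mirror_sources)  # "source monitoring port(s)"
        self.mirror_dest = mirror_dest             # "destination analysis port"
        self.seen = {port: [] for port in port_of.values()}

    def forward(self, src, dst, payload):
        frame = (src, dst, payload)
        in_port, out_port = self.port_of[src], self.port_of[dst]
        # Normal forwarding: the frame leaves only through the receiver's port.
        self.seen[out_port].append(frame)
        if self.mirror_dest is None:
            return
        # Mirroring: copy the frame if it entered (received) or leaves (sent)
        # through a source port. Model choice: no second copy when the
        # analysis port is already the real receiver.
        touches_source = {in_port, out_port} & self.mirror_sources
        if touches_source and out_port != self.mirror_dest:
            self.seen[self.mirror_dest].append(frame)


def frames_seen(mirror_sources=(), mirror_dest=None):
    """Replay TRAFFIC and return {computer: [frames delivered to its port]}."""
    switch = Switch(PORT_OF, mirror_sources, mirror_dest)
    for src, dst, payload in TRAFFIC:
        switch.forward(src, dst, payload)
    return {host: switch.seen[port] for host, port in PORT_OF.items()}


if __name__ == "__main__":
    cases = (
        ("Figure 1 (no mirroring)", frames_seen()),
        ("Figure 2 (port 1 mirrored to port 4)", frames_seen({1}, 4)),
    )
    for label, result in cases:
        print(label)
        for host, frames in result.items():
            print(f"  {host} receives {frames}")
```

Computer D receives both directions of A's conversation only when A's port is a mirror source, and the unrelated B-to-C frame never reaches it.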