The most widespread method for managing network monitoring is through the use of analysis equipment, such as probes and sniffers. These devices perform a variety of critical tasks–from analyzing network traffic and troubleshooting application performance to detecting security concerns.

In general, sniffers are used to “reactively” troubleshoot the network. Support staff should be able to quickly attach a sniffer to the network to resolve a problem. Probes “proactively” maintain the network with intelligent data-capture abilities.

Some of the more simple versions of these devices use a command-line interface and dump captured data to the administrator’s computer screen. Through a GUI connection, more complex probes and sniffers can create traffic reports and statistics, as well as track multiple sessions. Intrusion-detection systems (IDS) employ sniffers and probes to analyze the ordinary data coming into the network, such as monitoring e-mail.

Probes and sniffers are relatively expensive and difficult to maintain. Most enterprise-class Ethernet switches allow for the creation of one or more monitoring ports, also called switched port-analyzer (SPAN) ports. Software licensing for this equipment can be costly, up into the tens of thousands of dollars per year. A typical IT department cannot always justify this cost, especially when a sniffer might be required for only a short period of time on a day-to-day basis.

This illustration demonstrates a physical layer switch’s ability to remotely share and distribute analysis equipment over the network from a central location.

Meanwhile, the number of network-analysis devices needed tends to increase exponentially as the enterprise’s business and IT needs grow. The increase in capital expense is difficult to justify. Keeping the competitive technological edge often depends on creative solutions.

A physical-layer switch provides the high-density, any-port-to-any-port connectivity, and intelligent software that allows probes and sniffers to be remotely shared and distributed across the network. This Layer 1, non-intrusive, protocol-independent switching technology is suited for building network resiliency and efficiency.

This solution delivers an immediate ROI by reducing capital expenditures and maintenance costs. In addition, network support personnel save time and energy by managing analysis and security equipment from multiple workstations, LAN or WAN. The days of transporting equipment and constant manual cable patching are virtually eliminated.

The probes and sniffers can be shared among all the SPAN ports from enterprise Ethernet switches by moving the network analysis and security equipment to a central location and connecting them to a physical-layer switch. In turn, each SPAN port occupies a single physical-layer switch port. A direct 1:1 connection is established and allows data transmitting from the SPAN port to be physically routed through the physical-layer switch and out to a specified probe or sniffer.

Multicasting capabilities are available, as well, and help define the flexibility inherent in physical-layer switching. For example, a network administrator could multicast a single data stream from the SPAN port of a catalyst switch to multiple sniffers to collaborate and troubleshoot a problem. Additionally, the any-to-any connectivity is designed to track and differentiate between SPAN and network-analysis and security equipment ports. This feature ensures the elimination of a potentially catastrophic disruption on the network caused by linking two SPAN ports together.

Advanced software also can provide fast, user-friendly point-and-click port connection, as well as the ability to create multi-user connections to one or more physical-layer switches. Furthermore, user accounts or zones can be constructed for restricting access to the physical-layer switch on a port-by-port or entire switch level.