In a circumstance of the Ethernet, generally the communication between two workstations will not be intercepted by the third party, but in certain cases, all the data packets passing in and out the network possibly require to be monitored for the management server installed with the monitor software to catch data, for example the Internet bar should provide this function to send the data to the public security department to be examined; however, enterprises also urgently need one port in the network to provide this real-time monitor function to secure the information security and to keep the company secrets.
The port mirroring function in the enterprise is able to well carry out the monitor management on the network data inside the enterprise, and when a fault occurs in the network, the fault positioning can be done well; however, monitoring all the traffic is rather difficult in the current widespread used switching network, and therefore a switch/router requires to be configured to forward the data of one or more ports to a certain port to implement the monitoring for the network.
The port mirroring function is able to copy part or all traffic of one port (source port) to another specified port called as a “mirroring port” (also called as a “monitoring port” or a “destination port”); in the case of not severely affecting the normal throughput of the source port, the traffic of the network is monitored and analyzed through the mirroring port; the existing port mirroring techniques implemented on the routers are all based on the router itself, namely one or more ports on the router are mirrored to another port on this router, and since the remote monitor of the port is not implemented, its application scope is limited.
With the wide application of the Virtual Private Network (VPN) technique, the application areas of the router become wider and wider, and more and more services have been implemented, and along with the rising of the awareness of their own network security of each enterprise, the demands for remote monitoring and interception become more and more urgent, however, there is not a particular implementation scheme yet.