Network administrators that manage and maintain enterprise networks sometimes have a need to monitor traffic received at a particular node in the network. Contemporary routers and switch routers permit the administrator to define a class of traffic and cause that traffic to be directed to an egress port for purposes of performing network intrusion detection or recording the traffic, for example. The analysis, however, is necessarily performed by a traffic analysis tool or recording device directly coupled to the router or switch router. There is currently no means for the administrator to direct the traffic to another node where the necessary resources reside. The problem is especially problematic in enterprise and service provider networks, for example, where the traffic to be analyzed/recorded and the resources needed to analyze/record it are separated by large distances.
There is therefore a need for an apparatus and method for selecting and transmitting traffic in its original, unaltered form from a first node in the network to a second node where it may be analyzed or recorded. Such a system would overcome the need to locate the resources needed to analyze and record traffic in the immediate proximity of the device to be studied.