Communication networks may be monitored for various purposes such as network management, security, collection of statistical information on network behavior, and debugging. The network can be monitored using various techniques. For example, in port mirroring, packets seen on a switch or a router port are copied and, typically, sent to a central network management appliance.
Methods for network monitoring using mirroring are known in the art. For example, U.S. Patent Application Publication 2014/0280829 describes a function that is provided in a network system for the dynamic mirroring of network traffic for a variety of purposes including the identification of characteristics of the traffic. Multiple criteria are established for when, what and where to mirror the traffic. The criteria include what frames of traffic to mirror, what portions of the selected frames to mirror, one or more portals through which to mirror the selected frames, a destination for the mirroring and the establishment of a mirror in a device to carry out the mirroring. The mirroring instructions can be changed based on the detection of a triggering event, such as authentication, device type or status, ownership of an attached function attached to the device, or flow status.
U.S. Pat. No. 8,819,213 describes a method and systems for dynamically mirroring network traffic. The mirrored network traffic may comprise data that is considered of particular interest. The network traffic may be mirrored by a mirror service portal from a mirror sender, referred to as a mirror source, to a mirror receiver, referred to as a mirror destination, locally or remotely over various network segments, such as private and public networks and the Internet. The network traffic may be mirrored to locations not involved in the network communications being mirrored.
U.S. Pat. No. 7,292,573 describes a method for mirroring of select network traffic. A data packet is received by a network device. A determination is made as to whether a designated aspect of the packet matches a flagged entry in a look-up table on the network device. If a match is found, then a copy of the packet is sent to an associated mirror destination.