Mirroring traffic – Allied Telesis AT-S63 User Manual

AT-S63 Management Software Features Guide

Section II: Advanced Operations

211

Mirroring Traffic

The Land, Teardrop, Ping of Death, and IP Options defense mechanisms
allow you to copy the examined traffic to a mirror port for further analysis
with a data sniffer or analyzer. This feature differs slightly from port
mirroring in that prior to an actual violation of a defense mechanism, only
the packets examined by a defense mechanism, rather than all packets,
are mirrored to the destination port. Should a violation occur, then all
ingress packets on the port where the violation occurred are mirrored.

As an example, activating the mirroring feature in conjunction with the
Teardrop defense on a port sends all examined ingress fragmented IP
traffic to the destination mirror port. If the switch detects a violation, all
ingress packets on the port are copied to the mirror port during the sixty
seconds that the port is blocked.

Implementing this feature requires configuring the port mirroring feature as
follows:



Activate port mirroring.



Specify a destination port.



Do not specify any source ports. The source ports are defined by the
Denial of Service defense mechanism.