Network monitoring concepts

Most network core switches have the ability to copy network traffic from one port on the switch to another. This feature, which is called port monitoring or port mirroring, enables LANGuardian to capture traffic data for analysis.

Port monitoring

Port monitoring is given different names by different switch vendors:

  • On a Cisco Systems switch, port monitoring is called Switched Port Analyzer (SPAN). You will often see references in the documentation to a SPAN port.
  • On 3Com switches, it is called a Roving Analysis Port (RAP).
  • The documentation for HP switches uses the term trunk monitoring.

Configuring a monitoring port on your switch involves the following steps:

  1. Identify an unused switch port to designate as a monitoring port for LANGuardian.
  2. Identify the switch ports you want to monitor (these are often called source ports).
  3. Configure the switch to associate the source ports with the monitoring port.

The switch sends a copy of all data flowing through the source ports to the monitoring port. LANGuardian captures the data from the monitoring port for analysis. The actual data itself is not affected and there is no performance impact.
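
The three steps above as a Cisco IOS SPAN configuration, added here as an example and not taken from the LANGuardian documentation. The session number and interface names are assumptions, and the exact syntax varies by switch model and IOS version.

```cisco
! Added example: local SPAN session on a Cisco IOS switch.
! Assumed names: session 1, source ports Gi1/0/1 and Gi1/0/2,
! monitoring (destination) port Gi1/0/24 cabled to the LANGuardian NIC.
configure terminal
 ! Clear any earlier definition of this session number.
 no monitor session 1
 ! Step 2: the source ports to monitor; "both" mirrors received and sent traffic.
 monitor session 1 source interface GigabitEthernet1/0/1 both
 monitor session 1 source interface GigabitEthernet1/0/2 both
 ! Steps 1 and 3: the unused port designated as the monitoring port.
 ! A SPAN destination port stops forwarding normal traffic, so it must
 ! not be a port that anything else depends on.
 monitor session 1 destination interface GigabitEthernet1/0/24
end
! Confirm the source and destination ports before connecting the sensor.
show monitor session 1
```

Anyone with access to the monitoring port receives a copy of all traffic on the source ports, so restrict who can change SPAN configuration and where that port is patched.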

Sensors

During installation, you connect one of the NICs on the LANGuardian system to the monitoring port on your network's core switch. The LANGuardian software automatically creates a sensor to associate that NIC with the software. LANGuardian instantly begins capturing network traffic and you can view the results in your web browser.

There are some situations where you might want to create more than one sensor in LANGuardian. In these situations, you need a monitoring port on your switch for each sensor and a corresponding NIC on your LANGuardian system. For example, if you have three sensors, you would need three monitoring ports on your switch and four NICs on your LANGuardian system (one for each of the sensors, and one to deliver the browser-based user interface).

Central manager mode

You can deploy LANGuardian on any size of network, from a local office to a global enterprise network. In large networks that contain multiple core switches, you must deploy a LANGuardian instance for each core switch. You designate one instance as a central manager and each of the other instances as a remote collector. The remote collector instances do not have a traffic database or user interface; instead, the traffic collection engine sends the traffic data it captures to the central manager instance, and the data is accessible through the user interface of the central manager instance.

Find out more

If you have any questions about how LANGuardian can help you with your network monitoring requirements, please contact us. If you would like to see LANGuardian in action, please try our online demo system or download a free 30-day trial to try it on your own network with your own data.
