Bypass image, port image, bypass monitoring 01/28 Update SLTechnology News&Howtos

Bypass image, port image, bypass monitoring

2025-01-28 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Shulou(Shulou.com)06/01 Report--

The common network monitoring mode can be divided into two kinds: one is bypass monitoring mode, the other is series monitoring mode.

The "bypass monitoring mode" generally refers to the monitoring through the "port mirror" function of the switch and other network equipment. In this mode, the monitoring device only needs to be connected to the designated mirror port of the switch, so it is vividly called "bypass monitoring".

The series mode is generally monitored through the mode of gateway, bridge or proxy server, because the monitoring equipment is connected in series as a gateway or bridge in the network, so it is called "series monitoring mode".

Advantages and disadvantages of bypass mode:

The bypass monitoring mode is flexible and convenient to deploy, and only needs to configure the mirror port on the switch. The existing network structure will not be affected. The concatenation mode is generally used as a gateway, bridge or proxy server, so the existing network structure needs to be changed.

The bypass mode analyzes the data copied from the mirror port, which will not cause delay to the original packet and will not have any impact on the network speed. While the series mode is connected in series in the network, then all the data must first go through the monitoring system, after the analysis and inspection of the monitoring system, it can be sent to each client, so there will be a certain delay to the network speed.

Once the bypass monitoring device fails or stops running, it will not affect the existing network. If the series monitoring equipment fails, it will lead to network interruption.

Disadvantages:

The switch or route is required to support the "port mirror" function to achieve monitoring.

Bypass mode disconnects the TCP connection by sending RST packets, and UDP communication is not prohibited. For UDP applications, it is generally necessary to disable UDP ports on the router. This problem does not exist in series mode.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.