This is capturing on a switched network and is covered in the wiki page Ethernet Capture - Switched Ethernet, where a variety of solutions are offered.

If Switch 1 provides mirroring or spanning capability, that would suffice as the Switch + Monitor Port, as long as the combined mirrored traffic doesn't exceed the capacity of the single port you mirror to. All protocols should be unbound from the monitoring PC to prevent inadvertent traffic generation.

If you have two NICs in the monitoring PC, the Man-in-the-middle approach can be used.

Finally, if you have the budget, an Ethernet TAP can be used. This is often the most accurate method but also the most costly.