How to setup a vSphere 5 Port Mirror
Port mirroring is the capability on a network switch to send a copy of network packets seen on a switch port to a network monitoring device connected to another switch port. Port mirroring is also referred to as Switch Port Analyzer (SPAN) on Cisco switches. In VMware vSphere 5.0, a Distributed Switch provides a similar port mirroring capability to that available on a physical network switch. After a port mirror session is configured with a destination\u2014a virtual machine, a vmknic or an uplink port\u2014the Distributed Switch copies packets to the destination. Port mirroring provides visibility into:\n\n\u2022 Intrahost virtual machine traffic (virtual machine\u2013to\u2013virtual machine traffic on the same host)\n\u2022 Interhost virtual machine traffic (virtual machine\u2013to\u2013virtual machine traffic on different hosts)\n\nThe port mirroring capability on a Distributed Switch is a valuable tool that helps network administrators in debugging network issues in a virtual infrastructure. The granular control over monitoring ingress, egress or all traffic of a port helps administrators fine-tune what traffic is sent for analysis.\n\nPort mirror configuration can be done at the Distributed Switch level, where a network administrator can create a port mirror session by identifying the traffic source that needs monitoring and the traffic destination where the traffic will be mirrored. The traffic source can be any port with ingress, egress or all traffic selected. The traffic destination can be any virtual machine, vmknic or uplink port. http://www.ntpro.nl