Switch Monitoring – How a Router Monitors Traffic Between Devices

dell, monitoring, switch

I recently set up a small business network, and am constantly learning more about how networking hardware works. It is my understanding that a Layer 2 device (Dell 48 port managed switch in this case) will switch traffic based on MAC address once it learns which devices live down each port. This way not every device in the network sees every packet (obviously broadcast and multicast can be exceptions to this). In this case, I have a Dell SonicWall router connected to the switch serving DHCP. On the SonicWall there is a packet monitor feature that lets you watch for packets originating from or going to a specific IP. If I ping one computer from another computer, both connected directly to the switch, I assumed the router shouldn't be able to see the traffic. However, the packet monitor can see each ping as it happens. How is this possible? All of the traffic in the switch can't be piped back down to the router. The switch has a 100+ Gbps backplane and the router is connected over a single gigabit port. Networks would never work if every packet had to be forwarded to the router first.

Best Answer

As per this page:

The SonicWALL Packet Monitor feature allows you to capture and examine network traffic as it crosses your firewall. When activated, Packet Monitor logs the details of packets as they pass through the device, recording data such as the packet's origin, destination and port number. This in turn can help you to gain information about the conditions on your network and identify potential threats.

Given that you're using a layer 2 switch, I'd say the two PCs you're pinging between are on different layer 3 networks and therefore need to send their data to the SonicWall, which is then performing the routing between the networks and monitoring the traffic at the same time.
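One way to check the hypothesis in the answer above, as an added example that is not part of the original answer: a sender compares the destination with its own address and mask, and addresses the frame either to the destination's MAC (the switch forwards it port to port) or to the gateway's MAC (the router sees it). The addresses, masks and gateways below are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

def next_hop(src_if: str, dst: str, gateway: str) -> str:
    """Return the IP whose MAC the sender resolves and addresses the frame to.

    src_if is the sender's address with prefix length, e.g. "192.168.1.10/24".
    """
    iface = ipaddress.ip_interface(src_if)
    dst_ip = ipaddress.ip_address(dst)
    # On-link destination: the frame goes to the destination's own MAC,
    # so the switch forwards it directly and the router never receives it.
    if dst_ip in iface.network:
        return str(dst_ip)
    # Off-link destination: the frame goes to the gateway's MAC,
    # so the router receives it, routes it, and can record it.
    return gateway

def ping_path(a_if: str, b_if: str, gw_a: str, gw_b: str) -> dict:
    """Classify each direction of a ping from host A to host B."""
    a_ip = str(ipaddress.ip_interface(a_if).ip)
    b_ip = str(ipaddress.ip_interface(b_if).ip)
    request_direct = next_hop(a_if, b_ip, gw_a) == b_ip
    reply_direct = next_hop(b_if, a_ip, gw_b) == a_ip
    return {
        "echo_request": "switched" if request_direct else "routed",
        "echo_reply": "switched" if reply_direct else "routed",
    }

# Constructed sample cases (not values from the question).
CASES = {
    "same subnet": ("192.168.1.10/24", "192.168.1.20/24",
                    "192.168.1.1", "192.168.1.1"),
    "different subnets": ("192.168.1.10/24", "192.168.2.20/24",
                          "192.168.1.1", "192.168.2.1"),
    # Mismatched masks: only one direction crosses the router.
    "mask mismatch": ("192.168.1.10/16", "192.168.2.20/24",
                      "192.168.1.1", "192.168.2.1"),
}

if __name__ == "__main__":
    for name, args in CASES.items():
        print(f"{name}: {ping_path(*args)}")
```

Feed it the address, mask and default gateway each PC actually reports (`ipconfig` on Windows, `ip addr` and `ip route` on Linux); any direction that comes back "routed" is traffic the packet monitor will see.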
