Switch-based network monitoring requires additional monitoring software or hardware because

switches operate at the data link layer of the OSI model and do not inherently provide monitoring

capabilities. To monitor traffic through a switch, network administrators must use port mirroring or a

network tap, which involves configuring the switch to send a copy of the network packets to a

monitoring device. This allows the monitoring device to analyze the traffic passing through the

switch without interfering with the network’s normal operation. This technique is essential for deep

packet inspection, intrusion detection systems, and for gaining visibility into the traffic between

devices in a switched network.

Reference: The need for extra monitoring software or hardware in switch-based network monitoring

is consistent with the Certified Network Defender (CND) curriculum, which emphasizes the

importance of implementing robust network monitoring practices to detect and respond to security

threats12. Additionally, the use of port mirroring and network taps as methods to monitor switch-

based networks is a standard practice in network security, aligning with the CND’s focus on technical

network security measures34.