A security analyst is interested in setting up an IDS to monitor the company network. The analyst has been told there can be no network downtime to implement the solution, but the IDS must capyure all of the network traffic. Which of the following should be used for the IDS implementation?

a. Network tap
b. Honeypot
c. Aggregation
d. Port mirror

Port mirroring is a method to monitor network traffic and it is used in the Intrusion Detection Systems. It is also called Switched Port Analyzer and is used to analyse the network errors. This technique basically copies the network packets and sends or transmits these copied packed from one port to another in a network device such as a switch. This means that this technique is used to copy the network packets from one switch port and send the copy of these packets to another port where these packets are monitored. This is how it analyses the network errors and incoming traffic for irregular behavior and also this can be done without affecting the normal operation of the switch and other network processes. It is simple, inexpensive and easy to establish and use. The most important advantage of using mirrored ports is that it catches the traffic on several ports at once or can capture all of the network traffic.