One: the mirror port (aka SPAN port) on your switch does not buffer the traffic and will drop packets in any spike. That's true even for expensive Cisco switches. To get all traffic, you need a network tap on the line.
Two: getting the traffic isn't hard. It's basic sniffing. Analysing the traffic in real time is what matters.