01-24-2022 04:37 AM
Hello,
We have Cisco SG300 switches (switched network/LAN), and we are collecting interface statistics data such as in/out octet, unicast, multicast and broadcast for each switch and each port of the switch.
Can we detect a sniffing attack on the switch based on those data?
Thanks in advance.
01-24-2022 04:52 AM
No, at a high level you cannot, as far as I know.
01-24-2022 05:24 AM
Can you please explain more for us?
We searched about this topic, and the result was that when data sniffing occurs, an increase in data traffic appears, which may help us detect it. Is this possible?
01-24-2022 06:20 AM
when data sniffing
You mean span the port?
01-24-2022 09:48 PM
We have 2 questions:
1. Can we detect port spanning from data?
2. And can we detect any other attack from data (stealing data illegally)?
Thanks.
01-25-2022 02:25 AM
1. Can we detect port spanning from data?
- Sorry, I may have missed something here. Are you looking to detect whether the port is spanned? Or are you looking for a data port to span or mirror for sniffing?
2. And can we detect any other attack from data (stealing data illegally)?
- This depends on the destination port and what software you have to detect this; you need to look at a more secure solution.
SG300 - your expectation of this model is too big, so you need to consider, if you are really looking, then look for Cat 9K switches.
01-25-2022 05:01 AM
1. I need to detect if the port is spanned.
2. Can you explain more, please?
And if we collect switch data (in/out octet, unicast, multicast and broadcast), plot them in a graph, then monitor these graphs and observe data changes, can we figure out if we have any attack on the switch, such as data stealing?
01-25-2022 06:18 AM
1. I need to detect if the port is spanned.
- If you would like to detect whether a port is spanned, you need to do an audit based on the config.
2. And if we collect switch data (in/out octet, unicast, multicast and broadcast), plot them in a graph, then monitor these graphs and observe data changes, can we figure out if we have any attack on the switch, such as data stealing?
- No, by this you will not be able to find what you are looking for; you need a network analyser (to see whether your network is attacked).
You will find many examples.