Wednesday, September 01, 2004

Sniffing in switched environment

Unlike hubs, switches usually prevent promiscuous sniffing. In a switched network environment, a sniffer is limited to capturing broadcast and multicast packets and the traffic sent or received by the PC the sniffer is running on.
However, most modern switches support SPAN, also called "port mirroring", an advanced feature that lets the switch forward all packets to one or more switch ports, which allows a sniffer to capture the network traffic of the whole LAN.

Port mirroring is configured by assigning a port (called "management port") from which to copy all frames, and a port to which to send those frames. When the feature is activated, all frames bound for or sourced from the selected source port are copied and sent (in addition to their regular destinations) to the selected destination port. Simply by placing a sniffer on this destination port, each segment can be separately monitored without moving the equipment. By using this feature, you will be able to monitor the entire LAN segment.
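To check that a monitoring port really receives mirrored traffic, a capture can be classified by destination MAC address: without mirroring only broadcast, multicast and the sniffer PC's own frames should show up. The following is an added example, not part of the original post; the function names, the `min_share` threshold and the sample frames are assumptions constructed for illustration.

```python
from collections import Counter

def to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))

def classify(frame: bytes, own_mac: str) -> str:
    """Say why a sniffer with address own_mac could see this Ethernet II frame."""
    if len(frame) < 14:                      # shorter than dst + src + EtherType
        return "truncated"
    dst, src, own = frame[0:6], frame[6:12], to_bytes(own_mac)
    if dst == b"\xff" * 6:
        return "broadcast"
    if dst[0] & 0x01:                        # I/G bit set: group (multicast) address
        return "multicast"
    if own in (dst, src):
        return "own"
    return "foreign_unicast"                 # unicast between two other hosts

def summarize(frames, own_mac: str) -> Counter:
    return Counter(classify(f, own_mac) for f in frames)

def mirror_active(frames, own_mac: str, min_share: float = 0.1) -> bool:
    """True when foreign unicast makes up at least min_share of the capture.
    A switch also floods unicast frames whose destination it has not learned
    yet, so a few foreign frames alone do not prove mirroring; min_share
    (an arbitrary default, tune per network) filters that noise."""
    counts = summarize(frames, own_mac)
    total = sum(counts.values())
    return total > 0 and counts["foreign_unicast"] / total >= min_share

def make_frame(dst: str, src: str, ethertype: int = 0x0800) -> bytes:
    """Build a constructed test frame: header plus 46 bytes of zero padding."""
    return to_bytes(dst) + to_bytes(src) + ethertype.to_bytes(2, "big") + bytes(46)

# Constructed sample data (locally administered MACs, not from a real capture).
OWN, HOST_A, HOST_B = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
UNMIRRORED = [
    make_frame("ff:ff:ff:ff:ff:ff", HOST_A, 0x0806),   # ARP broadcast
    make_frame("01:00:5e:00:00:fb", HOST_B),           # IPv4 multicast
    make_frame(OWN, HOST_A),                           # traffic to the sniffer PC
    make_frame(HOST_A, OWN),                           # traffic from the sniffer PC
]
MIRRORED = UNMIRRORED + [make_frame(HOST_A, HOST_B), make_frame(HOST_B, HOST_A)]

if __name__ == "__main__":
    for name, capture in (("unmirrored", UNMIRRORED), ("mirrored", MIRRORED)):
        print(name, dict(summarize(capture, OWN)), mirror_active(capture, OWN))
```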


http://www.securesphere.net/download/papers/SwitchSniff.htm
http://www.sans.org/rr/papers/38/244.pdf
http://www.sans.org/resources/idfaq/switched_network.php
