Penetration Testing mailing list archives
Re: Ethernet TAP's
From: Chris Reining <creining () packetfu org>
Date: Thu, 11 Mar 2004 19:57:18 -0600
Any recommendations on specific Ethernet TAP's for sniffing switches?
First off, I assume you know that sniffing a switch is possible with most or all high end switches using port mirroring or spanning. WRT TAPs, there's only a few players in this area. There's Intrusion, Finisar (was Shomiti), Netoptics, and Toplayer. I may be leaving a few out here that I'm not aware of. A couple pointers on picking an ethernet TAP: is there a fail-safe mechanism (if the TAP loses power will it still maintain network link) and in what way does the tap deal with full duplex (if that's the nature of your environment). Some TAPs require that 2 outputs are needed and you are responsible for aggregation of the two half duplex streams while others do the aggregation and provide a full duplex output. In the case that a full duplex output is presented from the TAP make *sure* that the manufacturers product will not drop output traffic when, for example, there's greater than 50% utilization on each side, or greater than 100Mbps. All in all it is my belief that NetOptics makes decent ethernet TAPs. HTH, Chris --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- Ethernet TAP's David Nardoni (Mar 11)
- Re: Ethernet TAP's Chris Reining (Mar 12)
- RE: Ethernet TAP's Simon Thornton (Mar 12)
- Re: Ethernet TAP's Phil Wallisch (Mar 12)
- <Possible follow-ups>
- RE: Ethernet TAP's PJD (Mar 12)
- RE: Ethernet TAP's Vincent . Maes (Mar 12)