Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Looking for a portable sniffing-friendlyhub/switch

From: "RUOFF, LARS (LARS)** CTR **" <lars.ruoff () alcatel-lucent com>
Date: Wed, 14 Apr 2010 17:19:05 +0200

Yes, I have come across this one too.
But this one looks suspect to me.
There are only 3 ports here and there is a physical link between all Rx and Tx cables, so this should introduce 
collisions at the least.
Also, I can't see how the outbound traffic from host B will be output on the tap port? I think this can't work?!

Lars



-----Original Message-----
From: wireshark-users-bounces () wireshark org 
[mailto:wireshark-users-bounces () wireshark org] On Behalf Of 
Oldcommguy - Tim
Sent: lundi 12 avril 2010 21:52
To: 'Community support list for Wireshark'
Subject: Re: [Wireshark-users] Looking for a portable 
sniffing-friendlyhub/switch

The DIY tap actually works....depending on how well one 
follows directions.

For VoIP with a SPAN port , please remember, there will not 
be any jitter and loss frames for your analysis.

Other than that it is all about connections, setup,,,etc.

Another DIY - 
http://www.instructables.com/id/Make-a-Passive-Network-Tap/

Good Sniffing.....


Tim O'Neill  - The "OldcommguyT"
B.T. Solutions, Inc.
Phone - 770-640-0809
Website - www.lovemytool.com
e-mail - Tim () oldcommguy com
Please honor and support our Troops, Law Enforcement and 
First Responders!
All Gave Some - Some Gave All!



-----Original Message-----
From: wireshark-users-bounces () wireshark org
[mailto:wireshark-users-bounces () wireshark org] On Behalf Of Lee
Sent: Monday, April 12, 2010 3:00 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Looking for a portable 
sniffing-friendlyhub/switch

One difference between the $1K tap and the DIY version might 
be that the expensive one will work wherever you put it in 
your network.

The DIY version instructions to
  Strip the cat 5 cable and untwist all the individual wires.
I believe makes it not cat 5 any more.  It's probably still 
good enough for it's intended purpose - ie. at home & cheap - 
but maybe not such a great idea to use on a critical link at 
work.  (which isn't going to stop me from trying to make one myself :)

Thanks for the link to the DIY taps - I hadn't seen those before.

Regards,
Lee


On 4/12/10, RUOFF, LARS (LARS)** CTR ** 
<lars.ruoff () alcatel-lucent com>
wrote:

Hi,
thanks to all who have contributed!
First of all, i'd like to say that i fully understand the 

point of the 

TAP advocats.
But I should have added that most of my sniffing use cases 

are related 

to network or application layer stuff (mostly VoIP) on low 

bandwidth links.

So with this in mind, i go 100% with the comment of Martin 

and think 

that

a

port mirroring switch will do the job better for most of my needs.
(But i'm  still looking forward to use a tap sometime)

As for another provocative question to through into the 

arena, what's 

the difference between this one...
http://www.networktapstore.com/10-100-1000-TAP.asp
($1,095.00! *yuck*)

...and that one:
http://hackadaycom.files.wordpress.com/2008/09/tap.jpg?w=450&h=291
;-)

or for some more details:


http://thnetos.wordpress.com/2008/02/22/create-a-passive-netwo
rk-tap-for-you
r-home-network/

http://www.enigmacurry.com/category/diy/

What are the limits of the second type of "solution" in practice?

Another question, purely technical:
When using a tap, what's the sniffing process:
Sniff simultaneously on 2 NICs on same PC (2x dumpcap), 

then merge the
files

with mergecap?

Any other hub/switch recommendations?

PS: I will add the info to the Wiki.

thanks,
regards,
Lars



-----Original Message-----
From: wireshark-users-bounces () wireshark org
[mailto:wireshark-users-bounces () wireshark org] On Behalf Of Guy 
Harris
Sent: dimanche 11 avril 2010 22:00
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Looking for a portable 
sniffing-friendlyhub/switch


On Apr 11, 2010, at 12:56 PM, Guy Harris wrote:


The right place might be

 http://wiki.wireshark.org/CaptureSetup/Ethernet

as it already has some information on this.


I've added a link to that from the front page, just as 

there's a link 

to CaptureSetup/WLAN.
______________________________________________________________
_____________
Sent via:    Wireshark-users mailing list
<wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users

mailto:wireshark-users-request () wireshark org?subject=unsubscribe




______________________________________________________________
_____________

Sent via:    Wireshark-users mailing list 

<wireshark-users () wireshark org>

Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users

mailto:wireshark-users-request () wireshark org?subject=unsubscribe


______________________________________________________________
_____________
Sent via:    Wireshark-users mailing list 
<wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
 
mailto:wireshark-users-request () wireshark org?subject=unsubscribe

______________________________________________________________
_____________
Sent via:    Wireshark-users mailing list 
<wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             
mailto:wireshark-users-request () wireshark org?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: