Wireshark-users: Re: [Wireshark-users] Looking for a portable sniffing-friendlyhub/switch
From: Kok-Yong Tan <ktan@xxxxxxxxxxxxxxxxxxx>
Date: Mon, 12 Apr 2010 16:15:25 -0400
The differing number of twists per inch in each pair of wires (which is why each pair always reads different lengths when you apply something like a Fluke meter to the 4-pair cable) is what gives data- grade cables its basic resistance to RF interference for unshielded twisted pair (the shield provides additional protection for shielded twisted pair). If you untwist them beyond the 0.5" at the ends allowed by specifications, you're basically removing all such resistance to RF interference and introducing additional issues such as retransmissions, etc., that would skew your readings.

On Apr 12, 2010, at 15:52, Oldcommguy - Tim wrote:

The DIY tap actually works....depending on how well one follows directions.

For VoIP with a SPAN port , please remember, there will not be any jitter
and loss frames for your analysis.

Other than that it is all about connections, setup,,,etc.

Another DIY - http://www.instructables.com/id/Make-a-Passive- Network-Tap/

Good Sniffing.....

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Lee
Sent: Monday, April 12, 2010 3:00 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Looking for a portable
sniffing-friendlyhub/switch

One difference between the $1K tap and the DIY version might be that
the expensive one will work wherever you put it in your network.

The DIY version instructions to
  Strip the cat 5 cable and untwist all the individual wires.
I believe makes it not cat 5 any more.  It's probably still good
enough for it's intended purpose - ie. at home & cheap - but maybe not
such a great idea to use on a critical link at work.  (which isn't
going to stop me from trying to make one myself :)

Thanks for the link to the DIY taps - I hadn't seen those before.

Regards,
Lee


On 4/12/10, RUOFF, LARS (LARS)** CTR ** <lars.ruoff@alcatel- lucent.com>
wrote:
Hi,
thanks to all who have contributed!
First of all, i'd like to say that i fully understand the point of the TAP
advocats.
But I should have added that most of my sniffing use cases are related to network or application layer stuff (mostly VoIP) on low bandwidth links. So with this in mind, i go 100% with the comment of Martin and think that
a
port mirroring switch will do the job better for most of my needs.
(But i'm  still looking forward to use a tap sometime)

As for another provocative question to through into the arena, what's the
difference between this one...
http://www.networktapstore.com/10-100-1000-TAP.asp
($1,095.00! *yuck*)

...and that one:
http://hackadaycom.files.wordpress.com/2008/09/tap.jpg?w=450&h=291
;-)

or for some more details:

http://thnetos.wordpress.com/2008/02/22/create-a-passive-network- tap-for-you
r-home-network/
http://www.enigmacurry.com/category/diy/

What are the limits of the second type of "solution" in practice?

Another question, purely technical:
When using a tap, what's the sniffing process:
Sniff simultaneously on 2 NICs on same PC (2x dumpcap), then merge the
files
with mergecap?

Any other hub/switch recommendations?

PS: I will add the info to the Wiki.

thanks,
regards,
Lars


-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Guy Harris
Sent: dimanche 11 avril 2010 22:00
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Looking for a portable
sniffing-friendlyhub/switch


On Apr 11, 2010, at 12:56 PM, Guy Harris wrote:

The right place might be

	http://wiki.wireshark.org/CaptureSetup/Ethernet

as it already has some information on this.

I've added a link to that from the front page, just as
there's a link to CaptureSetup/WLAN.

--
Reality Artisans, Inc.             #   Network Wrangling and Delousing
P.O. Box 565, Gracie Station       #   Apple Certified Consultant
New York, NY 10028-0019            #   Apple Consultants Network member
<http://www.realityartisans.com>   #   Apple Developer Connection member
(212) 369-4876 (Voice) # My PGP public key can be found at <https://keyserver.pgp.com>