Wireshark-users: Re: [Wireshark-users] Looking for a portable sniffing-friendlyhub/switch
The differing number of twists per inch in each pair of wires (which
is why each pair always reads different lengths when you apply
something like a Fluke meter to the 4-pair cable) is what gives data-
grade cables its basic resistance to RF interference for unshielded
twisted pair (the shield provides additional protection for shielded
twisted pair). If you untwist them beyond the 0.5" at the ends
allowed by specifications, you're basically removing all such
resistance to RF interference and introducing additional issues such
as retransmissions, etc., that would skew your readings.
On Apr 12, 2010, at 15:52, Oldcommguy - Tim wrote:
The DIY tap actually works....depending on how well one follows
directions.
For VoIP with a SPAN port , please remember, there will not be any
jitter
and loss frames for your analysis.
Other than that it is all about connections, setup,,,etc.
Another DIY - http://www.instructables.com/id/Make-a-Passive-
Network-Tap/
Good Sniffing.....
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Lee
Sent: Monday, April 12, 2010 3:00 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Looking for a portable
sniffing-friendlyhub/switch
One difference between the $1K tap and the DIY version might be that
the expensive one will work wherever you put it in your network.
The DIY version instructions to
Strip the cat 5 cable and untwist all the individual wires.
I believe makes it not cat 5 any more. It's probably still good
enough for it's intended purpose - ie. at home & cheap - but maybe not
such a great idea to use on a critical link at work. (which isn't
going to stop me from trying to make one myself :)
Thanks for the link to the DIY taps - I hadn't seen those before.
Regards,
Lee
On 4/12/10, RUOFF, LARS (LARS)** CTR ** <lars.ruoff@alcatel-
lucent.com>
wrote:
Hi,
thanks to all who have contributed!
First of all, i'd like to say that i fully understand the point of
the TAP
advocats.
But I should have added that most of my sniffing use cases are
related to
network or application layer stuff (mostly VoIP) on low bandwidth
links.
So with this in mind, i go 100% with the comment of Martin and
think that
a
port mirroring switch will do the job better for most of my needs.
(But i'm still looking forward to use a tap sometime)
As for another provocative question to through into the arena,
what's the
difference between this one...
http://www.networktapstore.com/10-100-1000-TAP.asp
($1,095.00! *yuck*)
...and that one:
http://hackadaycom.files.wordpress.com/2008/09/tap.jpg?w=450&h=291
;-)
or for some more details:
http://thnetos.wordpress.com/2008/02/22/create-a-passive-network-
tap-for-you
r-home-network/
http://www.enigmacurry.com/category/diy/
What are the limits of the second type of "solution" in practice?
Another question, purely technical:
When using a tap, what's the sniffing process:
Sniff simultaneously on 2 NICs on same PC (2x dumpcap), then merge
the
files
with mergecap?
Any other hub/switch recommendations?
PS: I will add the info to the Wiki.
thanks,
regards,
Lars
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Guy
Harris
Sent: dimanche 11 avril 2010 22:00
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Looking for a portable
sniffing-friendlyhub/switch
On Apr 11, 2010, at 12:56 PM, Guy Harris wrote:
The right place might be
http://wiki.wireshark.org/CaptureSetup/Ethernet
as it already has some information on this.
I've added a link to that from the front page, just as
there's a link to CaptureSetup/WLAN.
--
Reality Artisans, Inc. # Network Wrangling and Delousing
P.O. Box 565, Gracie Station # Apple Certified Consultant
New York, NY 10028-0019 # Apple Consultants Network member
<http://www.realityartisans.com> # Apple Developer Connection member
(212) 369-4876 (Voice) # My PGP public key can be found
at <https://keyserver.pgp.com>