Wireshark-users: Re: [Wireshark-users] Looking for a portable sniffing-friendlyhub/switch
From: dan meyer <dan@xxxxxxxxxxxxxxxx>
Date: Wed, 14 Apr 2010 14:01:53 -0500
Here is a better reference to home made taps:
 
 
The short of it is you need two NIC's on the machine doing the sniffing.
 
-- Dan Meyer
On Wed, Apr 14, 2010 at 10:19 AM, RUOFF, LARS (LARS)** CTR ** <lars.ruoff@xxxxxxxxxxxxxxxxxx> wrote:

Yes, I have come across this one too.
But this one looks suspect to me.
There are only 3 ports here and there is a physical link between all Rx and Tx cables, so this should introduce collisions at the least.
Also, I can't see how the outbound traffic from host B will be output on the tap port? I think this can't work?!

Lars


> -----Original Message-----
> From: wireshark-users-bounces@xxxxxxxxxxxxx
> [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of
> Oldcommguy - Tim
> Sent: lundi 12 avril 2010 21:52
> To: 'Community support list for Wireshark'
> Subject: Re: [Wireshark-users] Looking for a portable
> sniffing-friendlyhub/switch
>
> The DIY tap actually works....depending on how well one
> follows directions.
>
> For VoIP with a SPAN port , please remember, there will not
> be any jitter and loss frames for your analysis.
>
> Other than that it is all about connections, setup,,,etc.
>
> Another DIY -
> http://www.instructables.com/id/Make-a-Passive-Network-Tap/
>
> Good Sniffing.....
>
>
> Tim O'Neill  - The "OldcommguyT"
> B.T. Solutions, Inc.
> Phone - 770-640-0809
> Website - www.lovemytool.com
> e-mail - Tim@xxxxxxxxxxxxxx
> Please honor and support our Troops, Law Enforcement and
> First Responders!
> All Gave Some - Some Gave All!
>
>
>
> -----Original Message-----
> From: wireshark-users-bounces@xxxxxxxxxxxxx
> [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Lee
> Sent: Monday, April 12, 2010 3:00 PM
> To: Community support list for Wireshark
> Subject: Re: [Wireshark-users] Looking for a portable
> sniffing-friendlyhub/switch
>
> One difference between the $1K tap and the DIY version might
> be that the expensive one will work wherever you put it in
> your network.
>
> The DIY version instructions to
>   Strip the cat 5 cable and untwist all the individual wires.
> I believe makes it not cat 5 any more.  It's probably still
> good enough for it's intended purpose - ie. at home & cheap -
> but maybe not such a great idea to use on a critical link at
> work.  (which isn't going to stop me from trying to make one myself :)
>
> Thanks for the link to the DIY taps - I hadn't seen those before.
>
> Regards,
> Lee
>
>
> On 4/12/10, RUOFF, LARS (LARS)** CTR **
> <lars.ruoff@xxxxxxxxxxxxxxxxxx>
> wrote:
> > Hi,
> > thanks to all who have contributed!
> > First of all, i'd like to say that i fully understand the
> point of the
> > TAP advocats.
> > But I should have added that most of my sniffing use cases
> are related
> > to network or application layer stuff (mostly VoIP) on low
> bandwidth links.
> > So with this in mind, i go 100% with the comment of Martin
> and think
> > that
> a
> > port mirroring switch will do the job better for most of my needs.
> > (But i'm  still looking forward to use a tap sometime)
> >
> > As for another provocative question to through into the
> arena, what's
> > the difference between this one...
> > http://www.networktapstore.com/10-100-1000-TAP.asp
> > ($1,095.00! *yuck*)
> >
> > ...and that one:
> > http://hackadaycom.files.wordpress.com/2008/09/tap.jpg?w=450&h=291
> > ;-)
> >
> > or for some more details:
> >
> http://thnetos.wordpress.com/2008/02/22/create-a-passive-netwo
> rk-tap-for-you
> r-home-network/
> > http://www.enigmacurry.com/category/diy/
> >
> > What are the limits of the second type of "solution" in practice?
> >
> > Another question, purely technical:
> > When using a tap, what's the sniffing process:
> > Sniff simultaneously on 2 NICs on same PC (2x dumpcap),
> then merge the
> files
> > with mergecap?
> >
> > Any other hub/switch recommendations?
> >
> > PS: I will add the info to the Wiki.
> >
> > thanks,
> > regards,
> > Lars
> >
> >
> >> -----Original Message-----
> >> From: wireshark-users-bounces@xxxxxxxxxxxxx
> >> [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Guy
> >> Harris
> >> Sent: dimanche 11 avril 2010 22:00
> >> To: Community support list for Wireshark
> >> Subject: Re: [Wireshark-users] Looking for a portable
> >> sniffing-friendlyhub/switch
> >>
> >>
> >> On Apr 11, 2010, at 12:56 PM, Guy Harris wrote:
> >>
> >> > The right place might be
> >> >
> >> >  http://wiki.wireshark.org/CaptureSetup/Ethernet
> >> >
> >> > as it already has some information on this.
> >>
> >> I've added a link to that from the front page, just as
> there's a link
> >> to CaptureSetup/WLAN.
> >> ______________________________________________________________
> >> _____________
> >> Sent via:    Wireshark-users mailing list
> >> <wireshark-users@xxxxxxxxxxxxx>
> >> Archives:    http://www.wireshark.org/lists/wireshark-users
> >> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> >>
> >> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
> >>
> >
> ______________________________________________________________
> _____________
> > Sent via:    Wireshark-users mailing list
> <wireshark-users@xxxxxxxxxxxxx>
> > Archives:    http://www.wireshark.org/lists/wireshark-users
> > Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> >
> > mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
> >
> ______________________________________________________________
> _____________
> Sent via:    Wireshark-users mailing list
> <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>
> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>
> ______________________________________________________________
> _____________
> Sent via:    Wireshark-users mailing list
> <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>
> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe