Re: Ethernet TAP's

From: Chris Reining (creining@packetfu.org)
Date: Thu Mar 11 2004 - 20:57:18 EST


> Any recommendations on specific Ethernet TAP's for sniffing switches?

First off, I assume you know that sniffing a switch is possible with
most or all high end switches using port mirroring or spanning.

WRT TAPs, there's only a few players in this area. There's Intrusion,
Finisar (was Shomiti), Netoptics, and Toplayer. I may be leaving a few
out here that I'm not aware of. A couple pointers on picking an ethernet
TAP: is there a fail-safe mechanism (if the TAP loses power will it
still maintain network link) and in what way does the tap deal with full
duplex (if that's the nature of your environment). Some TAPs require
that 2 outputs are needed and you are responsible for aggregation of the
two half duplex streams while others do the aggregation and provide a
full duplex output. In the case that a full duplex output is presented
from the TAP make *sure* that the manufacturers product will not drop
output traffic when, for example, there's greater than 50% utilization
on each side, or greater than 100Mbps. All in all it is my belief that
NetOptics makes decent ethernet TAPs.

HTH,
Chris

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:50 EDT