A Networking and System Engineer Blog

Monday, March 31, 2008

Build your own passive packet capture adapter/Network TAP

I started building these many years ago, and resurrected the idea when I started doing deep troubleshooting for VoIP networks. The idea is this: you want the packets transmitted by both sides of a network link to be received by your laptop. This can be done by using SPAN on a Cisco switch, but SPAN strips certain layer 2 information, such as CoS and VLAN tagging. Also, sometimes you don't have the option to do a SPAN, for example if your switch isn't Cisco, or doesn't support the feature, or maybe you don't have access to the switch. This is where having a network tap comes in handy.

It is built so that the send pair from side A of the connection is connected to the receive pair on your first network card as well as the side B receive pair, and the send pair of side B is connected to a receive pair on your second network card as well as the side A receive pair. Got it? I haven't tried this, but in theory you could use one network card in your laptop and a hub, since that would allow both network streams to share the same receive pair on your network card.

Now that you've got that down, install Wireshark and start capturing packets to your heart's content.
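With two network cards, each capture file holds only one direction of the link, so the two have to be interleaved by timestamp before the conversation reads correctly. The sketch below is an added example, not from the original post: it merges two classic pcap byte strings and labels each frame with its direction. The direction labels, the `build_pcap` helper and the sample payloads are constructed for illustration.

```python
import heapq
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap with microsecond timestamps

def read_pcap(data, label):
    """Yield (timestamp_us, label, frame) for each record in a classic pcap byte string."""
    if struct.unpack_from("<I", data, 0)[0] == PCAP_MAGIC:
        endian = "<"
    elif struct.unpack_from(">I", data, 0)[0] == PCAP_MAGIC:
        endian = ">"
    else:
        raise ValueError("not a classic microsecond-resolution pcap")
    offset = 24  # global header: magic, version, zone, sigfigs, snaplen, linktype
    while offset + 16 <= len(data):
        sec, usec, caplen, _origlen = struct.unpack_from(endian + "IIII", data, offset)
        frame = data[offset + 16:offset + 16 + caplen]
        if len(frame) < caplen:
            break  # truncated last record (capture interrupted mid-write)
        offset += 16 + caplen
        yield (sec * 1_000_000 + usec, label, frame)

def merge_directions(pcap_a, pcap_b):
    """Interleave the two one-way captures into a single time-ordered list."""
    # Both NICs are stamped by the same host clock, so timestamps are comparable.
    return list(heapq.merge(read_pcap(pcap_a, "A->B"), read_pcap(pcap_b, "B->A")))

def build_pcap(records):
    """Build a little-endian pcap (linktype 1, Ethernet) from constructed demo records."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for sec, usec, frame in records:
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out

# Constructed sample data: placeholder payloads, not real Ethernet frames.
NIC1 = build_pcap([(1206950400, 100, b"A-req-1"), (1206950400, 300, b"A-req-2")])
NIC2 = build_pcap([(1206950400, 200, b"B-rsp-1"), (1206950400, 400, b"B-rsp-2")])

if __name__ == "__main__":
    for ts_us, direction, frame in merge_directions(NIC1, NIC2):
        print(f"{ts_us / 1_000_000:.6f} {direction} {len(frame)} bytes")
```

On real capture files, the `mergecap` tool that ships with Wireshark performs the same timestamp merge.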

1 comment:

Brad Smith said...

Forgot to note that this type of hardware-only tap doesn't work for Gigabit Ethernet, which is full duplex in nature. Because of this, you might as well only wire your tap using pins 1, 2, 3 and 6. Cisco PoE uses these pins as well, so if you are sniffing from a Cisco phone it will still work and force the connection to negotiate 10/100 and not Gig.