Barracuda Ethernet Tap/Wireshark

fluk3d
Just purchased a Barracuda Ethernet tap for my mini lab and wondering how I go about connecting this device to the lab network environment. I am planning on using Wireshark to capture packets, so any information would be great.

There are the following interfaces on the tap - the instructions that came with the device are very vague.

Tap 1
Tap 2
IN
OUT
Solutions Architect
Commented:
IN and OUT should be connected to your network; traditionally it's placed inline, so the IN would go to, say, a switch/router and OUT would be connected to the firewall or other device (switch or whatever). Basically, the device plugs into the network at a place where you would traditionally have A<---->B; you would now have A<-----IN -- DEVICE ---OUT ------>B.

TAP1 and TAP2 each contain one direction of traffic and would be connected to NIC1 and NIC2 on the monitoring device you are using; load Wireshark and monitor.
Adrian Cantrill, Solutions Architect

Commented:
http://www.barracudanetworks.com/tap/specs/Barracuda_Ethernet_Tap_QSG.pdf


That shows an overview of how it's connected topology-wise.
Adrian Cantrill, Solutions Architect

Commented:
The Ethernet device is designed to be used in a fairly specific set of requirements, i.e. you could use any device with a packet sniffer on to monitor network traffic, but it in itself introduces change and requires configuration.

The tap is designed to transparently sit between two devices and monitor traffic and then egress a copy of the IN and OUT streams directly to the device using the TAP1 and TAP2 ports....

It's not really for general network monitoring.

Author

Commented:
OK - that makes sense. I was connecting TAP1 to the monitoring device and TAP2 to the PC I wanted to monitor, and IN from the switch and OUT to the switch!

I will need to get another NIC installed on my machine then, so I can have Wireshark watch both interfaces, and then I'm guessing I have to merge both dumps, as long as they are in sync via time!
Adrian Cantrill, Solutions Architect

Commented:
They will be in sync; that's the idea of the device, it allows monitoring of each direction - it's a neat little unit designed to work in high-traffic environments :)
Adrian Cantrill, Solutions Architect

Commented:
And by passing the data directly to a monitoring device you ensure that the actual network you are monitoring isn't polluted with the actual monitoring traffic.
Adrian Cantrill, Solutions Architect

Commented:
I should add - you can monitor with 1 cable, but then you are limited to either a half duplex link, or one direction at a time.

Author

Commented:
Fantastic explanation!
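
The merge step discussed in the thread (one capture per tap port, combined by timestamp), as an added example that is not part of the original posts: it reads two classic pcap files, interleaves their records by capture time, and writes a single file. The file names, the `TAP1`/`TAP2` labels and the sample frames are constructed for illustration; for real captures, Wireshark's bundled `mergecap` tool does the same job.

```python
import heapq
import struct

PCAP_MAGIC = 0xA1B2C3D4      # classic pcap, microsecond timestamps
SWAPPED_MAGIC = 0xD4C3B2A1   # same format written on an opposite-endian host

def write_pcap(path, packets):
    """Write (sec, usec, frame) tuples as a little-endian Ethernet pcap."""
    with open(path, "wb") as f:
        f.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1))
        for sec, usec, frame in packets:
            f.write(struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame)

def read_pcap(path, label):
    """Yield (sec, usec, label, frame) for each record in a classic pcap file."""
    with open(path, "rb") as f:
        header = f.read(24)
        magic = struct.unpack("<I", header[:4])[0] if len(header) == 24 else None
        if magic not in (PCAP_MAGIC, SWAPPED_MAGIC):
            raise ValueError(f"{path}: not a classic microsecond pcap file")
        order = "<" if magic == PCAP_MAGIC else ">"
        while len(rec := f.read(16)) == 16:
            sec, usec, incl_len, _orig_len = struct.unpack(order + "IIII", rec)
            frame = f.read(incl_len)
            if len(frame) < incl_len:
                break  # capture was cut off mid-record; drop the partial frame
            yield sec, usec, label, frame

def merge_tap_captures(tap1_path, tap2_path, out_path):
    """Interleave two per-direction captures by timestamp into one pcap.

    Assumes each input is already in time order and that both NICs were
    stamped by the same host clock. Returns [(sec, usec, label), ...].
    """
    merged = list(heapq.merge(read_pcap(tap1_path, "TAP1"),
                              read_pcap(tap2_path, "TAP2"),
                              key=lambda p: (p[0], p[1])))
    write_pcap(out_path, [(s, u, frame) for s, u, _label, frame in merged])
    return [(s, u, label) for s, u, label, _frame in merged]

if __name__ == "__main__":
    import os, tempfile
    d = tempfile.mkdtemp()
    a, b, out = (os.path.join(d, n) for n in ("tap1.pcap", "tap2.pcap", "merged.pcap"))
    # Constructed sample frames: placeholder bytes, not real traffic.
    write_pcap(a, [(100, 10, b"A->B #1"), (100, 500, b"A->B #2")])
    write_pcap(b, [(100, 250, b"B->A #1"), (101, 0, b"B->A #2")])
    for sec, usec, label in merge_tap_captures(a, b, out):
        print(f"{sec}.{usec:06d} {label}")
```

Classic pcap has no per-packet interface field, so the direction label survives only in the returned list; a pcapng capture keeps the interface with each packet.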
