[wplug] Tapping into an Ethernet connection

Rob Jeffries rl_jeffries at comcast.net
Sat May 16 07:40:47 EDT 2009


the vendor's and their docs sometimes refer to these as switching-hubs,
ie they're switches. 

while there are ways to splice ethernet cables to do this, I've not
tried them and don't recommend it for something like testing other
equipment.  I highly recommend the cisco swtich SPAN/mirroring options
recommended early.

rj


On Fri, 2009-05-15 at 11:24 -0400, Max Putas wrote:
> Lawrence,
> 
> On Fri, May 15, 2009 at 10:37 AM, Brian A. Seklecki
> <lavalamp at spiritual-machines.org> wrote:
> > Since this isn't the 80s:
> >
> > Just get a $100 Cisco Catalyst of just about any model off of Ebay an
> > run:
> >
> > switch# sh run | include monitor
> > monitor session 1 source vlan 11 , 20
> > monitor session 1 destination interface Gi0/27
> >
> > switch# sh monitor session 1
> > Session 1
> > ---------
> > Type : Local Session
> > Source VLANs :
> > Both : 11,20
> > Destination Ports : Gi0/27
> > Encapsulation : Native
> > Ingress : Disabled
> >
> > ---------------
> >
> > Replace the VLAN source with a physical source if you don't need to
> > strip VLAN Headers.
> >
> > I recommend the Cat 3560-24 or Cat 3550-12T series for gig.
> >
> > ~BAS
> >
> >
> >> Your best bet is to set up a Linux machine with 2 NICs and bridge
> >> them, then use wireshark on the bridge interface.  Either that or get
> >> an (expensive) managed switch that can do port mirroring.
> >>
> >>
> >> Moshe
> 
> Another option would be to make your own receive only Ethernet tap.
> These links will prove useful:
> 
> http://www.ossmann.com/5-in-1.html
> 
> http://www.dgonzalez.net/pub/roc/
> 



More information about the wplug mailing list