Net.Shark: TAP + Packet Filtering
Net.Shark is an FPGA-based tap with filtering capabilities that, connected in pass-through mode, can capture traffic at wire speed. Packets are transmitted through two ports, and traffic that matches one of the filters is sent to Wireshark.
Wireshark is a network packet analyzer used to examine network communications. Its important features are live packet capture, display of packets with very detailed protocol information, opening and saving capture data, and import/export from and to other programs. It can search and filter data on many criteria. Wireshark is open source and probably the best packet analyzer available.
Features and Benefits
- World's first hand-held, battery-powered and 100% autonomous TAP
- Hardware (FPGA) performance
- Breaks out FDX traffic into separate streams to be dropped
- May aggregate filtered traffic to one DROP port into a single output stream
- Traffic Regeneration
- Sixteen (16) simultaneous filters can be applied to the traffic:
  - Ethernet source and destination MAC addresses
  - Selection of MAC address sets with masks
  - Ethertype value with selection mask
  - VLAN-VID with selection mask
  - VLAN-CoS value with selection mask
  - IP source, destination, and source-and-destination
  - IP address group: subset of addresses filtered by masks
  - Protocol encapsulated in the IP packet (TCP, UDP, Telnet, FTP, etc.)
  - DSCP field, single value and range
  - TCP/UDP port, single value and range
  - Agnostic filters defined by 16-bit masks and a user-defined offset
  - Lawful filter: 64-byte pattern match anywhere in the frame payload
- Any Wireshark user requiring GbE performance
- VoIP providers and installers
- R+D centers
- Law applications
First hand-held tap on the market
Mirror ports may not deliver 100% of network traffic if they are over-subscribed, because mirroring runs in the background at low priority; moreover, a mirror port may not even be available when needed. Monitoring multiple network channels or VLANs simultaneously and aggregating the data for network analysis may also be impossible because of the complexity of the setup and execution process.
PCs running protocol analyzers like Wireshark lack power capacity, and traditional taps cannot be moved easily and always depend on another external device because they are not self-contained. Once you get the traffic, there are still limitations, such as FDX capture, jitterless timestamps, or field storage of captured data, that may only be overcome with a hand-held field tap such as Net.Shark.