Multi-Tap Network Packet Capturing: Difference between revisions
Line 20: | Line 20: | ||
This section will demonstrate a '''Multi-Tap Network Packet''' session using 2 network interfaces ('''eth1''' and '''eth2''') as the ''target'' capture interfaces. We will concentrate on '''email''' traffic ('''POP''' and '''SMTP'''). It is assumed that the '''NST''' probe has sufficient network interface adapters (at least 2 in this case) to perform this capture. | This section will demonstrate a '''Multi-Tap Network Packet''' session using 2 network interfaces ('''eth1''' and '''eth2''') as the ''target'' capture interfaces. We will concentrate on '''email''' traffic ('''POP''' and '''SMTP'''). It is assumed that the '''NST''' probe has sufficient network interface adapters (at least 2 in this case) to perform this capture. | ||
=== Step: 1 === | === Step: 1 NST WUI Multi-Tap Network Packet Capture Page === | ||
Enter the '''NST WUI Multi-Tap Network Packet Capture''' page. | Enter the '''NST WUI Multi-Tap Network Packet Capture''' page. From the '''NST WUI Menu''' go to '''Networking''' then '''Protocol Analysers''' and then '''Multi-Tap Network Packet Capture'''. | ||
=== Step: 2 === |
Revision as of 08:03, 2 July 2008
Overview
This section will demonstrate the use of Multi-Tap Network Packet Capture with NST. The NST WUI implementation supports simultaneous Packet Capture on up to 4 network interfaces (Quad Tap) per multi-tap capture session. NST uses the Wireshark network protocol analyzer suite for network packet capture. The light-weight network packet capture tool: "dumpcap" is used as the capture engine.
When capturing packets at Gigabit Ethernet rates and one needs total visibility on the link, then a passive tap is required. Net Optics, a global leader in passive monitoring, makes an excellent 10/100/1000BaseT Tap (TP-CU3) for passively allowing access to monitor GigaBit traffic.
Multi-Tap Network Packet Capture: NAT/PAT Traffic
The diagram depicted below shows an example Multi-Tap Capture Setup for monitoring GigaBit traffic across a firewall boundary. We will explore the capturing of packets as they transverse the firewall and undergo both Network and Port Address Translation.
Multi-Tap Network Packet Capture: Traffic Between Gigabit Switches
The diagram displayed below shows an example Dual-Tap Capture Setup for monitoring network traffic between 2 Gigabit switches. In this case a generic notebook computer was used and configured with 3 network interfaces (A built-in Gigabit LAN adapter, a Gigabit LAN adapter PC-Card and a built-in 802.11g/n wireless adapter for secure remote access and control of NST).
Example Multi-Tap Network Packet Capture Session: Step-By-Step
This section will demonstrate a Multi-Tap Network Packet session using 2 network interfaces (eth1 and eth2) as the target capture interfaces. We will concentrate on email traffic (POP and SMTP). It is assumed that the NST probe has sufficient network interface adapters (at least 2 in this case) to perform this capture.
Step: 1 NST WUI Multi-Tap Network Packet Capture Page
Enter the NST WUI Multi-Tap Network Packet Capture page. From the NST WUI Menu go to Networking then Protocol Analysers and then Multi-Tap Network Packet Capture.