Why you should ignore the dark side of network taps
I’ve just spent nearly £100 on that little black plastic box you can see in the picture.
This isn’t because I suddenly found I need a tiny five-port hub, even though the box in question will perform that role – it’s because I’ve recently sat through a couple of impressive demos of packet-capture utilities.
These products have been getting a bad press in corporate environments, mainly because they feature in a lot of hacker and security scenarios and, strictly speaking, if you have a managed switch you shouldn’t need a little box like this.
Managed switches often include a feature that copies every bit of traffic aimed at one port down another port. An easy way to fix a misbehaving or overloaded connection is to put a packet-capture tool onto a laptop, mirror the traffic from the misbehaving port into it, and find what you need by judicious use of the packet-capture log search tools.
It sounds so simple that I’m mystified as to why such opprobrium has become attached to a technology this useful. If your business has a network problem then surely this type of diagnostic tool should be invaluable? The problem lies in the minds of the people rather than in the technology itself.
Eventually, I was given a job where it mattered a lot that nobody should realise that I’d been running a packet logger until after the report was written and the situation made clearer, and it was on that job that paying for a network test access point (tap) – this tiny plastic box from Dualcomm – became more than worthwhile.
I could park an innocuously ancient laptop behind a desk, power this little box from the laptop’s USB port, and then hook up the laptop via the tap to the wallport on one connection and the machine where the alleged problem had been developing via another.
I’m not entirely at liberty to describe what I was up to, and this may go some way to explain this strange mental barrier that surrounds network taps, and also how it is they’re so curiously difficult to buy and so seldom mentioned in polite society.
In the right hands they’re pretty close to being the ultimate diagnostic tool, but consider this – I was steered toward this new and appealingly portable type of tap during a demonstration at Microsoft TechEd by Laura Chappell, the proprietor of Wireshark Network Analysis.