Reddit Reddit reviews SharkTap Network Sniffer

We found 9 Reddit comments about SharkTap Network Sniffer. Here are the top ones, ranked by their Reddit score.

Computer Networking
Electronics
Computers & Accessories
SharkTap Network Sniffer
The SharkTap is a special purpose 10/100Base-T ethernet switch that allows you to 'tap into' an ethernet connection. It is intended to be used with the open source Wireshark network analyzer or equivalent.Conventional switches route packets only to the intended destination port, reducing traffic, but preventing a third port from seeing all packets. The SharkTap sends a copy of all packets on the 'NETWORK' ports to the 'TAP' port.Powered from a micro-USB cable (included), draws 250mA or less.Other features: Passive technology will not alter NETWORK traffic, even with power off.
Check price on Amazon

9 Reddit comments about SharkTap Network Sniffer:

u/aydiosmio · 5 pointsr/AskNetsec

> No, you can't drop it because you're passively monitoring it.

That's not true. The IPS can send RST packets to both endpoints and cause the connection to prematurely terminate, or ICMP unreachable for UDP.

You can also just use an older hub, but here are some affordable devices which support mirroring:

https://www.amazon.com/midBit-Technologies-LLC-10-100/dp/B00DY77HHK/

https://www.amazon.com/Dualcomm-DCSW-1005-Powered-Ethernet-Mirroring/dp/B002BSF112/

https://www.amazon.com/NETGEAR-GS105Ev2-Ethernet-Lifetime-Replacement/dp/B00HGLVZLY/

https://www.amazon.com/TP-Link-Gigabit-Ethernet-Managed-TL-SG105E/dp/B00N0OHEMA/



u/julietscause · 3 pointsr/AskNetsec

I'm not sure how going to Ubiquiti Unifi AP is going to solve the issue of someone abusing your network?

The biggiest issue with home network/SOHO devices its hard to monitor what is coming in and going out of your network. Me personally I would shut wireless off.

Then I would build/get a network tap and place it between your modem and your router

You can build your own here
http://www.instructables.com/id/Make-a-Passive-Network-Tap/

Or you can just buy one

http://www.amazon.com/midBit-Technologies-LLC-10-100/dp/B00DY77HHK/ref=sr_1_1?ie=UTF8&qid=1426020458&sr=8-1&keywords=network+tap

Then I would get a system that plugs into that network tap (or if your desktop has two network cards) I would plug into the tap port and start watching all your traffic on your network using something like wireshark (and setup a filter for bittorrent traffic). The only thing is you will see the traffic but not from what host on the internal network.

Check out your manual
http://www.downloads.netgear.com/files/GDC/WNR1000V2/WNR1000v2_UM_19NOV2009.pdf

Honestly because of the lack of security on most SOHO routers, I would change the subnet of your network then turn off DHCP on your network. Use something like 192.168.245.0/24 then turn off DHCP. If you have someone on your network, they are gonna be spending a lot of time trying to figure out what subnet you are using. If you want to make it even harder just use one of class A/B private subnets. Note this is only to hamper someone on your network, there are ways to figure out that info however this will make it a little bit more difficult while you look at your network. After that, change your SSID again and your encryption keys and just start watching

Worse case your machine has some kind of keylogger that is reporting to someone. Or you someone has a physical device on your network

u/coderego · 3 pointsr/networking

> me thing and I found this device http://www.amazon.com/midBit-Technologies-LLC-10-100/dp/B00DY77HHK that should allow me to mirror my uplink to the DSL modem. I will just use my second physical NIC into a VM with security onion.

So this would sit between the router and the modem? would that not prevent me from knowing which machine on the LAN was in the conversation?

u/framerelayproblem · 3 pointsr/networking

I'm interested in doing the same thing and I found this device http://www.amazon.com/midBit-Technologies-LLC-10-100/dp/B00DY77HHK that should allow me to mirror my uplink to the DSL modem. I will just use my second physical NIC into a VM with security onion.

u/maineac · 2 pointsr/wireshark

Take a capture on each side of the router. If you see packets missing coming towards the router it is the ISP. If you see packets missing on packets going through the router then the issue is the router. You will probably need an ethernet tap in order to see the traffic.

u/0xBADB17E · 2 pointsr/cybersecurity

Offhand I don't have any solid recommendations. I think this Ubiquiti switch has port mirroring. The spec sheet mentions it but doesn't get into details. Cisco has it on many of their devices but refer to it as 'SPAN'.

A network tap would be a superior option, but they get expensive if you need anything over 10/100baseT.

You can also pick up used gear from craigslist. I've used an old Cisco ASA5505 for years since my internet never breaks 100 Mb/s.

u/kWV0XhdO · 2 pointsr/networking

This is pretty much exactly what's going on with the sharktap. It's just a cheap 5-port micrel 10/100 Ethernet switching chip permanently configured to do mirror duty.

u/DLMullikin · 1 pointr/networking

How about a Wireshark network tap? As I understood its basically a small 3 port hub powered via micro-USB port. Great for inline ethernet tap sniffing without the need for promiscuous mode NIC. Only drawback is its only 10/100 Mb. Haven't actually tried it myself, but ran across it the other day and stuck it on my own wishlist.
http://amzn.com/B00DY77HHK

u/dghughes · 1 pointr/wireshark

Network tap, for wired.