Knowm LAN Tap
  • Knowm LAN Tap
  • Knowm LAN Tap
  • Knowm LAN Tap
  • Knowm LAN Tap

Passive LAN Tap

$ 22.00

SKU: K-1000 Category:

Product Description

Share on Facebook0Tweet about this on TwitterShare on Reddit0Share on Google+0Share on LinkedIn0Share on StumbleUpon0Buffer this pageEmail this to someonePrint this page

International Shipping

Please read the shipping information page especially if you are ordering from outside the United States, as all extra import, duty and/or other taxes may apply.

The Knowm Passive LAN Tap is a passive device for monitoring packet flow on an Ethernet connection. It measures only 37 mm by 31 mm by 11 mm, which is the minimum configuration when placing 4 ethernet ports together side by side on top of a PCB. The Rx and Tx ports are located on the same side of the LAN tap while the traffic ports are located on the opposite side. This configuration allows for a more compact and managable component for your network. The Knowm passive LAN Tap is designed to monitor 10 Base-T and 100 Base-TX networks. A LAN tap is an important network component, enabling network diagnostics, application debugging, and Intrusion Detection Systems (IDS).

Network Monitoring with a LAN Tap

Shown in the following figure is how a LAN tap and monitoring system can be integrated into an existing network. A LAN tap is inserted between the firewall/router/switch and an internal networking switch or router. The monitor device will be able to “see” all the traffic coming into the network and going out of the network and allow for packet analysis with various tools such as WireShark, Snort or Bro. The “monitored network” could be a single computer or an entire array of hosts including those connected wirelessly. The passive tap can be placed anywhere in the system and multiple taps and monitoring devices can be deployed as well. The tap can even sit in front of the firewall.

Passive LAN Tap

Passive LAN Tap

Passive LAN taps essentially allow all traffic on a network device to be monitored. Passive LAN taps are also very useful for passive network troubleshooting and analysis. Further, the tap makes a related intrusion detection system more secure, preventing attackers from being able to directly attack the IDS system since there is no outside facing network port. A passive LAN tap will create two channels though, one for each traffic flow direction. This requires two network interface cards and software to bond the channels back together into one.

Alternative LAN Taps

An aggregator LAN tap is tap device that bonds the channels together via hardware requiring only one network card port on the monitor computer. Aggregator taps are very expensive, however they are convenient and efficient because no port bonding is necessary on the monitor computer.

For 1000 Mbps (Gigabit) networks, an active LAN tap is necessary, as the passive network LAN tap can only handle up to 100 Mbps traffic. These expensive alternatives are best for high-speed networks with heavy traffic and can run upward to $1000 or more.

Mirror ports or span ports are found on most enterprise switches and internally copy the activity on one or more ports and make it available on a single aggregated port containing both the RX and TX traffic. Like aggregator taps, no port bonding is necessary. Span ports are low cost because they are integrated into switches, however they put strain on the network switch’s hardware and are known to suffer from a bit of packet loss.

Bonding Channels for Passive Taps

When using a passive or active LAN tap and not an “aggregator” or “mirror port”, both the ‘incoming’ and ‘outgoing’ channels need to be bonded together for IDS systems to process as a single network flow channel. This setup involves using a technique called bonding to take two physical interfaces and bond them together, creating a logical interface that we can use for Snort as an example. For step-by-step instructions on how to set up port bonding, see How To Create a Bonded Network Interface.

Port Bond

Port Bond

Useful Links and Resources

  1. Implementing Networks Taps with Network Intrusion Detection Systems
  2. USB-Ethernet device for Linux
  3. Wireshark Capture using a network tap
  4. Ethernet channel Bonding
  5. Bonding in Linux
  6. Bonding in Linux 2
  7. Network Tap at Wikipedia – to physically tap into a network traffic stream. Once a tap is in place, a monitoring device can be connected to it as-needed without impacting the monitored network. The word passive in this instance means that there is no way to detect the device’s presence.
  8. Home setup with Snort and a network tap
  9. Port Mirroring is used on a network switch to send a copy of network packets seen on one switch port (or an entire VLAN) to a network monitoring connection on another switch port. Cisco calls port monitoring SPAN, which stands for Switched Port Analyzer.
  10. Home Passive Tap setup
Share on Facebook0Tweet about this on TwitterShare on Reddit0Share on Google+0Share on LinkedIn0Share on StumbleUpon0Buffer this pageEmail this to someonePrint this page

Additional Information

Weight .1 kg
Dimensions 27 x 27 x 18 cm

Reviews

There are no reviews yet.

Be the first to review “Passive LAN Tap”

Your email address will not be published. Required fields are marked *