Tiny, Portable & Affordable...
Aggregating Full Duplex Ethernet Tap
Use your Laptop with Wireshark to create a
to analyze data problems on a network, security problems on a network, and
VoIP voice quality / call setup problems
Store VoIP packets using the EtherShark™ Tap
to the actual call the user
and Wireshark, then
is complaining about from captured packets, later!
Connects to your PC or Laptop via USB 2.0
Since you can't see
network problems with your bare eyes, the only way
to fix a lot of network problems is to put captured packets of data on a
screen, using a Network Sniffer.
If your network is slow, if there are
database connectivity problems, if your VoIP sounds like garbage, if you
think there's malware stealing private data from your network, it's time to
break out the only tool that will let you see
You could waste days, weeks or months
trying to figure out what's wrong with your network without the right tool!
They say time is money. Most of us don't have a lot of either these days.
It's time to work smarter, and save both time and money.
Once you can see
the data packets that are sent (or delayed), extra traffic from malware
slowing the network down, and any network errors causing retransmissions,
you stand a chance of finding a piece of network gear, workstation, malware,
or VoIP phone /service causing problems. Malware can add so much traffic to a network
that VoIP calls just aren't going to work well unless you get rid of the
Think there are security problems
or malware causing problems on the network? When you can see and trace the
packets, you can see the IP address(s) causing problems - on the local
network or the IP address they're coming from on the Internet.
Put this small affordable tool in your laptop
case, install the open source Wireshark software (included on the included
USB key, or download it from the Wireshark web site), and you've created a
very sophisticated network sniffer that lets you actually see what's
happening on your network... not guess!
Using the open source Wireshark packet
analyzer with a couple of clicks you can look at specific types of
traffic... like just UDP, just TCP, just SIP and RTP packets (for
VoIP), or just network errors.
We sell this tool because there are lots of
problems with VoIP, and many of them are because the packets get lost or
delayed on the local network. If the local network isn't working right,
there's no way a VoIP phone call is going to sound good!
Note that the EtherShark™ Tap will
pass Power over Ethernet (POE) through to VoIP phones
(or other network equipment) using the POE 802.3af standard, which
most modern phones that work with POE conform to. If it didn't pass POE, it
might be a bear to find a power cube to power the phone locally while
In the old days, telephone problems were
pretty easy to fix. You could monitor the voice with a butt-set and make
calls to hear what was wrong.
Today, because packets are going to be
delayed a different amount from one moment to the next, depending on what
other traffic is on the network - like a large database or graphic file,
it's critical to voice quality that the everything on the network is running
correctly - not just the VoIP phones.
Now you can
VoIP conversation the user
is complaining about!
Using the EtherShark™ Tap and
Wireshark software, you can actually reconstruct the captured
packets from a particular VoIP conversation (most VoIP calls are not
encrypted, but you can't listen to an encrypted call), and
listen to both sides of the conversation to hear what the user is
When you hear the problem you can look at
the timing of the packets, and any errors that caused the problems.
This is the only way to find out what's wrong!
you can do it cheaper than using an aggregating tap like the
EtherShark™ Tap... But then you need 2 NIC cards to capture both Sent and
Received Packets, which isn't very portable!
With the EtherShark™ Tap, you spend a little money to get a very portable
packet analyzer that's much quicker and easier to setup!
An aggregating Ethernet tap
combines (aggregates) both transmit and receive packets into one stream
that's fed into a single PC, running packet analyzer software. It's also
called an aggregation tap. It lets you see all the
network traffic - both transmit and receive.
If you make or buy an inexpensive
Ethernet tap you'll need two of them - one for transmit into one
NIC, and one for receive into another NIC... but NIC cards are
cheap. With only one non-aggregating tap you'll either get the
packets from the network,
OR the workstation / VoIP phone, but not both.
You can find instructions for making a really
cheap non-aggregating passive (un-powered) tap on google, for
a few dollars worth of parts and some solder. Search google for: passive
NOTE: Many NIC cards
throw away error packets, which makes trying to fix network
problems using an analyzer with a non-aggregating tap and NIC cards a real
waste of time! If you're using the packet analyzer to catch security
problems, not network problems, two non-aggregating taps can
be an inexpensive solution that should work fine.
If someone is advertising an Ethernet Tap
that uses the word "mirroring" you know you won't get the hard errors
that may be causing your problems (like a NIC card), and you could spend a lot
of time chasing your tail!
Likewise if a device uses the word
"regenerating" they are sucking in the packets on one port, putting them
into memory, and retransmitting them out another port. That's going to work in
many instances but it's safer to use a device like the Ethershark Tap™
that only monitors the packets on the way through the Tap, it
doesn't change them in any way.
This 10/100 Tap
can't be used with a gigabit network. There isn't
enough bandwidth on a USB 2.0 port to handle the transmit and receive
data for 1000/gigabit. You can certainly buy a gigabit aggregating tap, but
it's going to cost a lot!
Depending on your network an alternative may
be able to carry a small gigabit/auto sensing switch that will turn the
gigabit switch port into 10/100 for troubleshooting. But you're
regenerating the packets so you may miss something important?
Plug the cable from the
network gigabit switch into the portable switch, then a patch cord into the EtherShark™ Tap,
and another patch cord into the workstation or phone. You end up gigabit
from the customer's switch to your troubleshooting portable switch, but 10/100 to the
workstation or phone (through the Ethershark™ Tap).
This is an inexpensive small gigabit switch
to carry for troubleshooting that will also work with 10/100, and four of
the eight ports work with POE.
Another option for sniffing packets is using
a packet analyzer like Wireshark on a laptop plugged into a port on a
managed Ethernet switch, to allow packets for a particular port to be
mirrored to the port with the sniffer... But most switches
throw away error packets. Again, that makes trying to fix network problems
using an analyzer plugged into the managed switch a real waste of time, but
that's a perfectly reasonable and inexpensive solution if you're just trying
to track down security issues.
If you're trying to find a problem on a
single PC or laptop, you can load Wireshark on that
machine without using any kind of tap. Wireshark will
see both send and receive packets to that machine.
For VoIP problems, a free screen phone
running on the PC may get you started. Run both
the screen phone and Wireshark on the PC you're testing on. That's also a
good way to get your feet wet using a packet analyzer program like Wireshark
to look at SIP calls without
spending any money (you don't need a Tap for that).
It's time to start to
what's really causing your network and VoIP problems, with the EtherShark™
Works with Windows, MACs and Linux machines (open source
packet analyzer software is available for all three operating systems).
Note: A customer reports that he got it working with Windows 8 by
using the W8 automatically downloaded driver, but that he had to change
the "Connection Type" property to "1000Base T Full_Duplex."
We're not recommending Windows 8 at this time, but it seemed to work.
Works with most packet analyzer software...
EtherShark™ Tap simply appears as a NIC card on the laptop or PC
Full-duplex aggregation of 10/100 into USB 2.0 (won't
work with USB 1.1, which is too slow)
Non-intrusive in-line monitoring... It
won't change, add or delete delete any packets on the network!
Permanent Network Link feature, keeps the network
device working if the laptop or PC is shut off, or the USB comes
Monitoring for all Protocol Levels
No Packet Loss
Ultra compact, and very light weight
USB powered, no AC adaptor or batteries required
802.3af Power over Ethernet (PoE) supported (provides
the standard 15.4W, not 25.5W)
EasyStat software (Java) is included which gives
you network statistics and errors in a graphical format (will run
simultaneously with a packet analyzer like Wireshark). NOTE that
since this is a Java program, it may not run on newer versions of Java
which have been changed due to security concerns (although most of the
security problems with Java relate to its use in a browser).
The EtherShark™ Tap includes:
EtherShark™ Tap USB
Powered Main Unit
USB key containing drivers
RJ45 CAT5 patch cord
USB 2.0 cable
User’s manual on USB key
Figure about an hour to load the drivers and Wireshark on your laptop, and
test it out the first time you use it.
After that, it'll just take a few minutes to:
- Fire up your laptop
- Plug the EtherShark™ Tap into the USB 2.0 port
- Double click on the desktop shortcut to start the Wireshark packet
- Remove the CAT5 patch cord from the workstation, VoIP phone, network
switch or router, or other piece of network equipment - and plug it into
a port on the
- Plug the short CAT5 patch cord (included) into the other port on the
EtherShark™ Tap, and then into the jack on the equipment you just
removed the CAT5 patch cord from
- Capture the packets for a while using Wireshark, then select the
types of packets you want to see and analyze in Wireshark... or listen
to VoIP calls reassembled from the saved packets, and watch how the
calls were setup using Wireshark
Figure on at least a few hours playing with Wireshark to familiarize
yourself with packet analysis. You can do that before you buy an EtherShark™
Tap by just watching the packets coming from and going to the laptop or PC
you're running Wireshark on.
Click on the Wireshark screenshot below to see it full size:
It's not as hard as it looks! Sure, looking at all the packets is
overwhelming. But with Wireshark's filters and colorization, you can
have it show you just the IP addresses you need to look at, or just the type
of packets you need to see to diagnose your problem.
It helps to get save a base-line trace of the packets so you know what
kind of traffic is normally on the network, but you probably
won't have that luxury at most customer sites. Capturing packets before or
after working hours will help you get an idea of what the network looks like
with no traffic, and then with traffic during the day. Check it out on your
own network, and see what you find!
You can download Wireshark at:
The EtherShark™ Tap and Wireshark are not the kind of
things you want to get the night before you go on a service call. Play with
it at home or at the office (any network will let you learn the basics of
Wireshark). You'll waste your time, and your customer's money using it
for the first time in the heat of battle.
Terrell Boyer is a Wireshark VoIP expert and in his YouTube
video "The Ultimate Wireshark Tutorial" he gives you all the information
you need to start using Wireshark to fix network problems right away.
Well, maybe after a couple of hours watching this video a couple of times,
and another few hours playing with it on your network. If you have to fix
network or VoIP problems and are intimidated by Wireshark, this will be the best
50 minutes you'll ever spend:
More than half the battle in finding network problems is placing your
packet analyzer in the right place! You have to place it
between the problem workstation and the switch, or the router and the
switch, or someplace else that analyzing the packets leads you. If you put
it in a place that will never see the packets you want to capture, you can't
fix the problem because you won't see it.
In the video Terrell shows how you can capture the traces at two
places on the network (at the same time) from two laptops, and then merge both
traces into one so you can follow the traffic through the network in
Remember that if you don't use an aggregating Ethernet tap like
EtherShark™ Tap, you might miss capturing the error packets that are
causing your problems - but mirroring ports on a switch works in most cases.
Want to hear what your call sounds like? Use
The Test Call.
These are two phone numbers they
provide (they don't have unlimited numbers in the hunt, so you may get a busy
number (A service where you can get a free Washington state incoming
phone number to use with your SIP device
The Test Call
record your voice until you hit #, then play it back.
a free test number that anybody can call (from any kind of line) to see how they sound by letting you
talk - and then playing back your voice. He has the service available through
several SIP providers which is important since one route may work OK, and the
another not so good.
There is a menu that lets you read back your Caller
ID, do an Echo Test which gives you an idea of the latency (delay) on that
and allows you to do several other neat tests including check to see how the
Touch Tone digits are received by his system (sometimes a problem with SIP!).
If you carry a VoIP phone as your VoIP Butt-set, you
might want to program a couple of speed dial buttons for their two phone
numbers (one or the other may be busy when you call). Their Echo Test will
both show you the latency as well as if your voice is breaking up on outbound
calls. The inbound bandwidth is often more, so you may not realize the outbound
voice is breaking up without listening to the Record/Playback or Echo Test.
It's a free service, but you can donate on their web
If you're selling or maintaining a network,
selling or maintaining software that works on a network, securing a network
and rid it of malware, or selling or maintaining VoIP service and equipment,
this is the tool you've been looking for to
fix problems like a professional!
EtherShark™ Tap today!
3+ @ $859.95 ea.
Call 630-980-7710 to order... 8:30 to 5PM, M-F, Chicago
Click HERE for the EtherShark™ Tap manual in