EtherShark™ Tap Aggregating Full Duplex Ethernet Tap from sandman.com
Voice & Data Parts, Tools & Training from the Telecom Experts at sandman.com
       The Telecom Experts... Solving Your Voice & Data Problems                          
23 Years of Helping Fix Phone Problems - Orders normally shipped the same or next day since 1990 from sandman.com
   Home    About Us    Contact Us    Shipping & Payment     Tech Bulletins    Catalog Request    Tech Blog    CO Lookup
  Click HERE to go to Mike Sandman Enterprises Telecom Design and Manufacturing Consulting Division
 
Click to Email a Link to this Page  Email Link to This Page
       Click HERE to Search


EtherShark™ Tap

Tiny, Portable & Affordable...

10/100 Aggregating Full Duplex Ethernet Tap

Use your Laptop with Wireshark to create a Network Sniffer to analyze data problems on a network, security problems on a network, and VoIP voice quality / call setup problems

Store VoIP packets using the EtherShark™ Tap
and Wireshark, then
listen to the actual call the user
is complaining about from captured packets, later!

Connects to your PC or Laptop via USB 2.0

Since you can't see network problems with your bare eyes, the only way to fix a lot of network problems is to put captured packets of data on a screen, using a Network Sniffer.

If your network is slow, if there are database connectivity problems, if your VoIP sounds like garbage, if you think there's malware stealing private data from your network, it's time to break out the only tool that will let you see what's wrong.

You could waste days, weeks or months trying to figure out what's wrong with your network without the right tool! They say time is money. Most of us don't have a lot of either these days. It's time to work smarter, and save both time and money.

Once you can see the data packets that are sent (or delayed), extra traffic from malware slowing the network down, and any network errors causing retransmissions, you stand a chance of finding a piece of network gear, workstation, malware, or VoIP phone /service causing problems. Malware can add so much traffic to a network that VoIP calls just aren't going to work well unless you get rid of the malware.

Think there are security problems or malware causing problems on the network? When you can see and trace the packets, you can see the IP address(s) causing problems - on the local network or the IP address they're coming from on the Internet.

Put this small affordable tool in your laptop case, install the open source Wireshark software (included on the included USB key, or download it from the Wireshark web site), and you've created a very sophisticated network sniffer that lets you actually see what's happening on your network... not guess!

Using the open source Wireshark packet analyzer with a couple of clicks you can look at specific types of traffic... like just UDP, just TCP, just SIP and RTP packets (for VoIP), or just network errors.

We sell this tool because there are lots of problems with VoIP, and many of them are because the packets get lost or delayed on the local network. If the local network isn't working right, there's no way a VoIP phone call is going to sound good!

Note that the EtherShark™ Tap will pass Power over Ethernet (POE) through to VoIP phones (or other network equipment) using the POE 802.3af standard, which most modern phones that work with POE conform to. If it didn't pass POE, it might be a bear to find a power cube to power the phone locally while you're testing.

In the old days, telephone problems were pretty easy to fix. You could monitor the voice with a butt-set and make calls to hear what was wrong.

Today, because packets are going to be delayed a different amount from one moment to the next, depending on what other traffic is on the network - like a large database or graphic file, it's critical to voice quality that the everything on the network is running correctly - not just the VoIP phones.

Now you can hear the actual
VoIP conversation the user
is complaining about!

Using the EtherShark™ Tap and Wireshark software, you can actually reconstruct the captured packets from a particular VoIP conversation (most VoIP calls are not encrypted, but you can't listen to an encrypted call), and listen to both sides of the conversation to hear what the user is complaining about!

When you hear the problem you can look at the timing of the packets, and any errors that caused the problems.  This is the only way to find out what's wrong!
  

YES, you can do it cheaper than using an aggregating tap like the EtherShark™ Tap... But then you need 2 NIC cards to capture both Sent and Received Packets, which isn't very portable!
  

Unless you use an Aggregating Ethernet Tap, you need 2 NIC cards!

  
With the EtherShark™ Tap, you spend a little money to get a very portable packet analyzer that's much quicker and easier to setup!
   

Yes, you can do it cheaper without an Aggregating Tap... But you need 2 NIC Cards to capture both Sent and Received Packets!

An aggregating Ethernet tap combines (aggregates) both transmit and receive packets into one stream that's fed into a single PC, running packet analyzer software. It's also called an aggregation tap. It lets you see all  the network traffic - both transmit and receive.

If you make or buy an inexpensive  non-aggregating  Ethernet tap you'll need two of them - one for transmit into one NIC, and one for receive into another NIC... but NIC cards are cheap. With only one non-aggregating tap you'll either get the packets from the network, OR the workstation / VoIP phone, but not both.

You can find instructions for making a really cheap non-aggregating passive (un-powered) tap on google, for a few dollars worth of parts and some solder. Search google for: passive ethernet tap

NOTE:   Many NIC cards throw away error packets, which makes trying to fix network problems using an analyzer with a non-aggregating tap and NIC cards a real waste of time! If you're using the packet analyzer to catch security problems, not network problems, two non-aggregating taps can be an inexpensive solution that should work fine.

If someone is advertising an Ethernet Tap that uses the word "mirroring" you know you won't get the hard errors that may be causing your problems (like a NIC card), and you could spend a lot of time chasing your tail!

Likewise if a device uses the word "regenerating" they are sucking in the packets on one port, putting them into memory, and retransmitting them out another port. That's going to work in many instances but it's safer to use a device like the Ethershark Tap™ that only monitors the packets on the way through the Tap, it doesn't change them in any way.


GIGABIT?

This 10/100 Tap can't  be used with a gigabit network. There isn't enough bandwidth on a USB 2.0 port to handle the transmit and receive data for 1000/gigabit. You can certainly buy a gigabit aggregating tap, but it's going to cost a lot!

Depending on your network an alternative may be able to carry a small gigabit/auto sensing switch that will turn the gigabit switch port into 10/100 for troubleshooting. But you're regenerating the packets so you may miss something important?

Plug the cable from the network gigabit switch into the portable switch, then a patch cord into the EtherShark™ Tap, and another patch cord into the workstation or phone. You end up gigabit from the customer's switch to your troubleshooting portable switch, but 10/100 to the workstation or phone (through the Ethershark™ Tap).

This is an inexpensive small gigabit switch to carry for troubleshooting that will also work with 10/100, and four of the eight ports work with POE.

http://www.amazon.com/Netgear-ProSafe-Gigabit-Ethernet-GS108PE/dp/B004C3ZPEW/ref=sr_1_1?ie=UTF8&qid=1355603686&sr=8-1&keywords=gigabit+poe


Another option for sniffing packets is using a packet analyzer like Wireshark on a laptop plugged into a port on a managed Ethernet switch, to allow packets for a particular port to be mirrored to the port with the sniffer... But most switches throw away error packets. Again, that makes trying to fix network problems using an analyzer plugged into the managed switch a real waste of time, but that's a perfectly reasonable and inexpensive solution if you're just trying to track down security issues.

If you're trying to find a problem on a single PC or laptop, you can load Wireshark on that machine without using any kind of tap.  Wireshark will see both send and receive packets to that machine.

For VoIP problems, a free screen phone running on the PC may get you started. Run both the screen phone and Wireshark on the PC you're testing on. That's also a good way to get your feet wet using a packet analyzer program like Wireshark to look at SIP calls without spending any money (you don't need a Tap for that).

It's time to start to see and understand what's really causing your network and VoIP problems, with the EtherShark™ Tap:

Features:

  • Works with Windows, MACs and Linux machines (open source packet analyzer software is available for all three operating systems). Note: A customer reports that he got it working with Windows 8 by using the W8 automatically downloaded driver, but that he had to change the "Connection Type" property to "1000Base T Full_Duplex." We're not recommending Windows 8 at this time, but it seemed to work.
     

  • Works with most packet analyzer software... EtherShark™ Tap simply appears as a NIC card on the laptop or PC
     

  • Full-duplex aggregation of 10/100 into USB 2.0 (won't work with USB 1.1, which is too slow)
     

  • Non-intrusive in-line monitoring... It won't change, add or delete delete any packets on the network!
     

  • Permanent Network Link feature, keeps the network device working if the laptop or PC is shut off, or the USB comes unplugged
     

  • Monitoring for all Protocol Levels
     

  • No Packet Loss
     

  • Ultra compact, and very light weight
     

  • USB powered, no AC adaptor or batteries required
     

  • 802.3af Power over Ethernet (PoE) supported (provides the standard 15.4W, not 25.5W)
     

  • EasyStat software (Java) is included which gives you network statistics and errors in a graphical format (will run simultaneously with a packet analyzer like Wireshark). NOTE that since this is a Java program, it may not run on newer versions of Java which have been changed due to security concerns (although most of the security problems with Java relate to its use in a browser).
     

The EtherShark™ Tap includes:EtherShark™ Tap in Zipper Case with USB and CAT5 Cables, and USB key with drivers and software

 

  • Zippered Case

  • EtherShark™ Tap USB Powered Main Unit

  • USB key containing drivers and software

  • RJ45 CAT5 patch cord (straight through)

  • USB 2.0 cable

  • User’s manual on USB key

 

 


Figure about an hour to load the drivers and Wireshark on your laptop, and test it out the first time you use it.

After that, it'll just take a few minutes to:

  1. Fire up your laptop
  2. Plug the EtherShark™ Tap into the USB 2.0 port
  3. Double click on the desktop shortcut to start the Wireshark packet analyzer
  4. Remove the CAT5 patch cord from the workstation, VoIP phone, network switch or router, or other piece of network equipment - and plug it into a port on the EtherShark™ Tap
  5. Plug the short CAT5 patch cord (included) into the other port on the EtherShark™ Tap, and then into the jack on the equipment you just removed the CAT5 patch cord from
  6. Capture the packets for a while using Wireshark, then select the types of packets you want to see and analyze in Wireshark... or listen to VoIP calls reassembled from the saved packets, and watch how the calls were setup using Wireshark

Figure on at least a few hours playing with Wireshark to familiarize yourself with packet analysis. You can do that before you buy an EtherShark™ Tap by just watching the packets coming from and going to the laptop or PC you're running Wireshark on.

Click on the Wireshark screenshot below to see it full size:

Click on the Wireshark screenshot to see it full size

It's not as hard as it looks! Sure, looking at all the packets is overwhelming. But with Wireshark's filters and colorization, you can have it show you just the IP addresses you need to look at, or just the type of packets you need to see to diagnose your problem.

It helps to get save a base-line trace of the packets so you know what kind of traffic is normally on the network, but you probably won't have that luxury at most customer sites. Capturing packets before or after working hours will help you get an idea of what the network looks like with no traffic, and then with traffic during the day. Check it out on your own network, and see what you find!

You can download Wireshark at:

http://www.wireshark.org/
 

The EtherShark™ Tap and Wireshark are not the kind of things you want to get the night before you go on a service call. Play with it at home or at the office (any network will let you learn the basics of Wireshark). You'll waste your time, and your customer's money using it for the first time in the heat of battle.

Terrell Boyer is a Wireshark VoIP expert and in his YouTube video "The Ultimate Wireshark Tutorial" he gives you all the information you need to start using Wireshark to fix network problems right away.

Well, maybe after a couple of hours watching this video a couple of times, and another few hours playing with it on your network. If you have to fix network or VoIP problems and are intimidated by Wireshark, this will be the best 50 minutes you'll ever spend:

NOTE:  More than half the battle in finding network problems is placing your packet analyzer in the right place!  You have to place it between the problem workstation and the switch, or the router and the switch, or someplace else that analyzing the packets leads you. If you put it in a place that will never see the packets you want to capture, you can't fix the problem because you won't see it.

In the video Terrell shows how you can capture the traces at two places on the network (at the same time) from two laptops, and then merge both traces into one so you can follow the traffic through the network in Wireshark.

Remember that if you don't use an aggregating Ethernet tap like the EtherShark™ Tap, you might miss capturing the error packets that are causing your problems - but mirroring ports on a switch works in most cases.

 

Want to hear what your call sounds like? Use The Test Call.

These are two phone numbers they provide (they don't have unlimited numbers in the hunt, so you may get a busy sometimes):

40-VOIP-INFO  (408-647-4636) Google Voice number

206-456-0649    IPKALL number (A service where you can get a free Washington state incoming
                             phone number to use with your SIP device

The Test Call will record your voice until you hit #, then play it back.

They operate a free test number that anybody can call (from any kind of line) to see how they sound by letting you talk - and then playing back your voice. He has the service available through several SIP providers which is important since one route may work OK, and the another not so good.

There is a menu that lets you read back your Caller ID, do an Echo Test which gives you an idea of the latency (delay) on that particular call, and allows you to do several other neat tests including check to see how the Touch Tone digits are received by his system (sometimes a problem with SIP!).

If you carry a VoIP phone as your VoIP Butt-set, you might want to program a couple of speed dial buttons for their two phone numbers (one or the other may be busy when you call). Their Echo Test will both show you the latency as well as if your voice is breaking up on outbound calls. The inbound bandwidth is often more, so you may not realize the outbound voice is breaking up without listening to the Record/Playback or Echo Test.

It's a free service, but you can donate on their web page:  http://thetestcall.blogspot.com
 


If you're selling or maintaining a network, selling or maintaining software that works on a network, securing a network and rid it of malware, or selling or maintaining VoIP service and equipment,  this is the tool you've been looking for to
fix problems like a professional!

Get the EtherShark™ Tap today!

$895.00
 
3+ @ $859.95 ea.
 

Call 630-980-7710 to order... 8:30 to 5PM, M-F, Chicago Time:
  

Click HERE for the EtherShark™ Tap manual in PDF format
 


Search Our Site:
   


         Contact Us   |   Privacy   |   Phone: 630-980-7710

VISA MASTERCARD AMEX

                    Copyright © 2014 Mike Sandman Enterprises, Inc.