Presentation is loading. Please wait.

Presentation is loading. Please wait.

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP’s Demystified June 16 th 2010 Samuel Battaglia Technical Manager | Network Critical SHARKFEST.

Published byBathsheba Wilson Modified over 9 years ago

Similar presentations

Presentation on theme: "SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP’s Demystified June 16 th 2010 Samuel Battaglia Technical Manager | Network Critical SHARKFEST."— Presentation transcript:

1 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP’s Demystified June 16 th 2010 Samuel Battaglia Technical Manager | Network Critical SHARKFEST ‘10 Stanford University June 14-17, 2010

2 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Overview What are TAP’s? Why TAP? Modes Options Technology Portable Analysis Configuration

3 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Analyze Capture Access

4 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 What are TAP’s?

5 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 What are TAP’s? Traffic Access Point An inline network device that provides access to data as it traverses a network media.

6 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 What are TAP’s?

7 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 What are TAP’s? Deployed Inline – TAP’s Process All Frames on the Media

8 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 What are TAP’s? Gaining Popularity – TAP’s can be Active or Passive Devices

9 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 What are TAP’s?

10 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 What are TAP’s?

11 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Why TAP?

12 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Why TAP? VoIP Monitoring Protocol Analysis Server & Workstation Monitoring Compliance & Data Leakage Detection Intrusion Detection & Prevention The security group is hogging all the SPAN ports and they never let me sniff any data…

13 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Why TAP? There are lots of reasons… Multiple groups will need access to data More groups will require copies of data What happened to my HUB?! SPAN ports are slim pickings

14 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Modes

15 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Modes Breakout (Directional Outputs)

16 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Modes Aggregating (Combined Outputs)

17 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Modes Regenerating (Duplication/Replication of Data)

18 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Modes Aggregating Regenerating (TAP and SPAN) ew

19 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Modes Aggregating/Filtering Backplane

20 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Modes Advanced Backplane Operations

21 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Options

22 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Options Link Failure\Integrity\State Propagation

23 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Options Fail-to-Safe, Fail-to-Wire, Fail Closed

24 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Options Link Lock, Passive Copper (10/100 only)

25 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Options PoE Passive/Pass Through, Not Always PoE+

26 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Technology

27 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Technology Passive TAP Benefits – TAP once and done – Live devices link directly with each other – Allows simple monitoring applications – Passes L2 errors – Link maintained on power state change Things to Consider – Some degradation of live signal – Proper deployment

28 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Technology Active TAP Benefits – Allows complex monitoring applications – Allows traffic to be injected into live links – No degradation of live signal Things to Consider – May discard link errors (Switch vs FPGA) – Link is lost on power state change – Live network devices link with TAP

29 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Technology Passive Components Copper 10/100M Links – Manipulate traces and PHY connections – Live devices physically connected – Power state change is non-impactful Fiber 100M, 1G, 10G+ Links – Optical splitters/couplers – Isolates production and monitor data-paths – Can provide 100% passive monitoring

30 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Technology Optical Fiber Splitter/Coupler

31 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Technology

32 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Technology Active Components Copper 10/100/1G Links – Fast acting copper relays Fiber 1G, 10G+ Links – Optical bypass switches

33 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Technology Active Components Fast Acting Copper Relays / Optical Switches – Non-Latching Do NOT require power to fail closed Less complex – Latching DO require power and a trigger to activate More flexible

34 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Technology Optical Fiber Bypass Switch

35 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Technology Optical Fiber Bypass Switch

36 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Technology Core Components Switch Chip Based Designs – Familiar architecture and compatibility – Built in functionality – Designed for specific tasks – Counts malformed frames and errors – May not pass error frames

37 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Technology Core Components Field-Programmable Gate Array (FPGA) – An integrated circuit designed to be configured after manufacturing – Extreme flexibility allows complex applications – Passes malformed frames and errors – Oversized and custom frame types – Byte offset matching and slicing

38 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Technology Core Components Fiber Transceiver – Two pieces of directional optics – Transmitter – Only capable of sending – Receiver – Only capable of capture – Form factors – SFF, SFP, SFP+

39 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Technology Core Components PHY (Physical Layer) – PCS, PMA, PMD – Connects RJ45/transceiver to Switch (or FPGA) – Handles link negotiation and line protocols – Broadcom, Marvell, Intel, VIA

40 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Technology

41 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Deployment

42 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Deploying TAP’s

43 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Deploying TAP’s Things to Consider Not all patch cables are created equal – OM1 (Orange), OM2 (Grey), OM3 (Teal) Fiber cables may be crossover 10/100 network cabling (MDI, MDIX) Consider overall cable lengths

44 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Portable Analysis

45 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Portable Analysis Laptop Challenges Where’s the Fiber port?! Performance of receive and capture is limited 1G capture appliances are not very portable 1 Gbps is still a LOT of data

46 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Portable Analysis Solutions TAP’s for Media Conversion Modify the Capture Buffer Size Filter on TAP Hardware

47 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Portable Analysis: Media Conversion Copper to Copper Fiber to Copper Copper to Fiber Fiber to Fiber

48 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Portable Analysis: Bump the Capture Buffer

49 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Portable Analysis: Filter on TAP

50 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Filtering

51 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Configuration

52 SHARKFEST ‘10 | Stanford University | June 14–17, 2010

53

54

55 Configuration Breakout Mapping

56 SHARKFEST ‘10 | Stanford University | June 14–17, 2010

57 Configuration Aggregation Mapping

58 SHARKFEST ‘10 | Stanford University | June 14–17, 2010

59 Configuration Aggregated & Filtered Mapping

60 SHARKFEST ‘10 | Stanford University | June 14–17, 2010

61

62

63

64 Backplane Connections Source and Destination Ports

65 SHARKFEST ‘10 | Stanford University | June 14–17, 2010

66

67

68

69

70 Configuration

71 SHARKFEST ‘10 | Stanford University | June 14–17, 2010

72

73

74

75

76

77 FYI TAP's with Batteries – Require Maintenance – Special Shipping Handling – Existing UPS Infrastructure

78 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Be Cautious Fast Linking Gigabit – Modifies Normal Auto-negotiation – Not Standard Ethernet Procedure – Is NOT 100% Guaranteed

79 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Other Useful Bits Facts About Fiber Optics www.networkcritical.com/sharkfest/fiber Ethernet Negotiation – Rich Hernandez www.networkcritical.com/sharkfest/autoneg Perils of the Network: Duplex Conflicts – Apparent Networks www.networkcritical.com/sharkfest/duplex Catalyst SPAN Configuration – Cisco www.networkcritical.com/sharkfest/ciscospan TAP vs SPAN – Tim O’Neill www.networkcritical.com/support/document-library/TAP-vs-SPAN DIY 10/100 access? www.hackaday.com/2008/09/14/passive-networking-tap

80 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Thank You! sam@networkcritical.com 716-558-7280 See you next year!

Download ppt "SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP’s Demystified June 16 th 2010 Samuel Battaglia Technical Manager | Network Critical SHARKFEST."

Similar presentations

Ethernet Switch Features Important to EtherNet/IP

Ethernet Switch Features Important to EtherNet/IP
SHARKFEST '09 | Stanford University | June 15–18, 2009 The Reality of 10G Analysis Presented by: Network Critical Wednesday, June 17 th, 2009 1:30 pm –

SHARKFEST '09 | Stanford University | June 15–18, 2009 The Reality of 10G Analysis Presented by: Network Critical Wednesday, June 17 th, :30 pm –
CCNA3: Switching Basics and Intermediate Routing v3.0 CISCO NETWORKING ACADEMY PROGRAM Switching Concepts Introduction to Ethernet/802.3 LANs Introduction.

CCNA3: Switching Basics and Intermediate Routing v3.0 CISCO NETWORKING ACADEMY PROGRAM Switching Concepts Introduction to Ethernet/802.3 LANs Introduction.
SHARKFEST '08 | Foothill College | March 31 - April 2, 2008 Non-Intrusive Out-of-Band Network Monitoring Utilizing a Data-Access Switch April 1, 2008 Patrick.

SHARKFEST '08 | Foothill College | March 31 - April 2, 2008 Non-Intrusive Out-of-Band Network Monitoring Utilizing a Data-Access Switch April 1, 2008 Patrick.
CSCI 465 D ata Communications and Networks Lecture 20 Martin van Bommel CSCI 465 Data Communications & Networks 1.

CSCI 465 D ata Communications and Networks Lecture 20 Martin van Bommel CSCI 465 Data Communications & Networks 1.
1 Data Link Protocols Relates to Lab 2. This module covers data link layer issues, such as local area networks (LANs) and point-to-point links, Ethernet,

1 Data Link Protocols Relates to Lab 2. This module covers data link layer issues, such as local area networks (LANs) and point-to-point links, Ethernet,
SHARKFEST '08 | Foothill College | March 31 - April 2, 2008 Increase Wireshark’s Effectiveness by Tapping your Network Data Wednesday, April 2, 2008 Chris.

SHARKFEST '08 | Foothill College | March 31 - April 2, 2008 Increase Wireshark’s Effectiveness by Tapping your Network Data Wednesday, April 2, 2008 Chris.
Lab Practical 2 Study about different types of Networking Device

Lab Practical 2 Study about different types of Networking Device
1 Version 3 Module 8 Ethernet Switching. 2 Version 3 Ethernet Switching Ethernet is a shared media –One node can transmit data at a time More nodes increases.

1 Version 3 Module 8 Ethernet Switching. 2 Version 3 Ethernet Switching Ethernet is a shared media –One node can transmit data at a time More nodes increases.
Net Optics Confidential and Proprietary Director xStream Intelligent Access and Monitoring Architecture Solutions.

Net Optics Confidential and Proprietary Director xStream Intelligent Access and Monitoring Architecture Solutions.
TDC 461 Basic Communications Systems Local Area Networks 29 May, 2001.

TDC 461 Basic Communications Systems Local Area Networks 29 May, 2001.
NETWORK DESIGN Customer requirements Network topologies Cable choice Hardware TSB 75 TSB72.

NETWORK DESIGN Customer requirements Network topologies Cable choice Hardware TSB 75 TSB72.
Ethernet By far, the dominant standard for guided media for the internet is Ethernet. How does it work?

Ethernet By far, the dominant standard for guided media for the internet is Ethernet. How does it work?
1 K. Salah Module 4.3: Repeaters, Bridges, & Switches Repeater Hub NIC Bridges Switches VLANs GbE.

1 K. Salah Module 4.3: Repeaters, Bridges, & Switches Repeater Hub NIC Bridges Switches VLANs GbE.
Hubs & Switches Ethernet Basics -10. There is only so much available bandwidth, in some instances it can be dynamic An overabundance of data on the network,

Hubs & Switches Ethernet Basics -10. There is only so much available bandwidth, in some instances it can be dynamic An overabundance of data on the network,
1 25\10\2010 Unit-V Connecting LANs Unit – 5 Connecting DevicesConnecting Devices Backbone NetworksBackbone Networks Virtual LANsVirtual LANs.

1 25\10\2010 Unit-V Connecting LANs Unit – 5 Connecting DevicesConnecting Devices Backbone NetworksBackbone Networks Virtual LANsVirtual LANs.
Switches in Networking B. Konkoth. Network Traffic  Scalability  Ability to handle growing amount of work  Capability of a system to increase performance.

Switches in Networking B. Konkoth. Network Traffic  Scalability  Ability to handle growing amount of work  Capability of a system to increase performance.
GigE Knowledge. BODE, Company Profile Page: 2 Table of contents  GigE Benefits  Network Card and Jumbo Frames  Camera - IP address obtainment  Multi.

GigE Knowledge. BODE, Company Profile Page: 2 Table of contents  GigE Benefits  Network Card and Jumbo Frames  Camera - IP address obtainment  Multi.
Troubleshooting Software Tools vs. Professional Test Equipment.

Troubleshooting Software Tools vs. Professional Test Equipment.
Connecting LANs, Backbone Networks, and Virtual LANs

Connecting LANs, Backbone Networks, and Virtual LANs

Similar presentations

Ads by Google