3

I would like to capture the traffic from a router, so I assume there must exist a cable or hardware box with 3 RJ45 sockets, where two of them are IN and OUT, and the third is for a capturing device (a Linux host in my case).

What are such cables/boxes called?

Sandra

3 Answers

4

Have a look at the Hak5 Throwing Star LAN Tap. It has features such as downgrading Gigabit to 100 Mbit, passive tapping and generally being hard to detect.

Kenny Rasschaert
Christopher
  • ..and yes, I realize that I did not really answer the question about what they are called. 'network tap' as @joeqwerty commented. – Christopher Apr 07 '13 at 10:59
  • I'd assume that you could watch impedance to detect one of these on the network. – Jacob Apr 07 '13 at 15:57
  • Except that the impedance would change as temperature changes? Perhaps if you had really high resolution data on impedance over a certain wire over time you could detect anomalies? – Christopher Apr 08 '13 at 19:14
4

Your best bet is probably a switch that supports port mirroring plus a box plugged in running Wireshark.

This feature used to be only available on high-end, fully-managed switches, but now $60 gets you entry.

http://www.netgear.com/business/products/switches/prosafe-plus-switches/gs105e.aspx

Jason Litka
  • When you can afford downtime, choose Netgear! – Jacob Apr 07 '13 at 15:55
  • 1
    This is not critical infrastructure. This is a tap. Netgear is fine, particularly since the other answer posted is a passive device that forces a drop to 100Mbit/s. If you're looking for uptime then you want a device acting as a bridge with a bypass adapter. – Jason Litka Apr 07 '13 at 17:03
  • 2
    This is a much better solution. The tap referenced is uni-directional (as many such devices are), meaning you only get one direction on each of the monitoring ports. However you really want devices that can mirror ports natively for a business network. Connecting an inline device requires downtime of the link and adds an unnecessary point of failure; neither of which is really acceptable when easily avoided with proper design. – YLearn Apr 08 '13 at 02:54
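
Added example, not part of any answer or comment on this page: as the comment above notes, a passive tap delivers one direction per monitoring port, so the capture host ends up with one file per direction. This sketch merges two classic pcap files into a single time-ordered stream, assuming both were captured on the same host (shared clock) and each file is already in time order; the function names and sample frames are constructed for illustration.

```python
import heapq
import struct

# First 4 bytes of a classic pcap file -> (struct byte order, timestamp units per second)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 10**6),  # little-endian, microseconds
    b"\xa1\xb2\xc3\xd4": (">", 10**6),  # big-endian, microseconds
    b"\x4d\x3c\xb2\xa1": ("<", 10**9),  # little-endian, nanoseconds
    b"\xa1\xb2\x3c\x4d": (">", 10**9),  # big-endian, nanoseconds
}

def read_pcap(data, label):
    """Yield (timestamp_ns, label, frame_bytes) for each record in a pcap byte string."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError(f"{label}: not a classic pcap file")
    order, units = MAGICS[data[:4]]
    offset = 24  # skip the 24-byte global header
    while offset + 16 <= len(data):
        sec, frac, caplen, _origlen = struct.unpack_from(order + "IIII", data, offset)
        offset += 16
        if offset + caplen > len(data):
            break  # truncated final record, e.g. capture stopped mid-write
        yield (sec * 10**9 + frac * (10**9 // units), label, data[offset:offset + caplen])
        offset += caplen

def merge_directions(pcap_a, pcap_b):
    """Merge the two monitor-port captures into one list ordered by timestamp."""
    return list(heapq.merge(read_pcap(pcap_a, "A->B"), read_pcap(pcap_b, "B->A")))

def make_pcap(frames):
    """Build a constructed little-endian, microsecond pcap from (sec, usec, payload)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, usec, payload in frames:
        out += struct.pack("<IIII", sec, usec, len(payload), len(payload)) + payload
    return out

# Constructed sample data: one file per tap monitoring port (payloads are placeholders).
SAMPLE_A = make_pcap([(100, 10, b"syn"), (100, 300, b"ack")])
SAMPLE_B = make_pcap([(100, 200, b"syn-ack")])

if __name__ == "__main__":
    for ts_ns, direction, frame in merge_directions(SAMPLE_A, SAMPLE_B):
        print(ts_ns, direction, frame)
```
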
-1

They are called sniffers. There are Wi-Fi and cable sniffers. Ten years ago the range of sniffers to connect to a LAN via RJ45 ran from $500 to $5000+. A good Wi-Fi sniffer or cable will set you back a pretty penny. Then when the transmission is scrambled, you need more software and a supercomputer to decipher the message. But plain text can be captured and sometimes recorded with a low-budget sniffer. There are other software tools for monitoring network traffic which are available.