The LAN Tap Pro is a passive Ethernet tap, requiring no power for operation. There are active methods of tapping Ethernet connections (e.g., a mirror port on a switch), but none can beat passive taps for portability. To the target network, the LAN Tap looks just like a section of cable, but the wires in the cable extend to the monitoring ports in addition to connecting one target port to the other.
The monitoring ports (J3 and J4) are receive-only; they connect to the receive data lines on the monitoring station but do not connect to the station’s transmit lines. This makes it impossible for the monitoring station to accidentally transmit data packets onto the target network.
The LAN Tap is designed to monitor 10BASET and 100BASETX networks. It is not possible for an unpowered tap to perform monitoring of 1000BASET (Gigabit Ethernet) networks, so the Throwing Star LAN Tap intentionally degrades the quality of 1000BASET target networks, forcing them to negotiate a lower speed (typically 100BASETX) that can be passively monitored. This is the purpose of the two capacitors (C1 and C2).
Like all passive LAN Taps, this device degrades signal quality to some extent. Except as described above for Gigabit networks, this rarely causes problems on the target network. In situations where very long cables are in use, the signal degradation could reduce network performance. It is a good practice to use cables that are not any longer than necessary.
- Use Ethernet cables to connect the LAN Tap (J1 and J2) in line with a target network to be monitored.
- Use Ethernet cables to connect one or both of the monitoring ports (J3 and J4) to ports on one or two monitoring stations. Each port monitors traffic in one direction only.
- Use your favorite software (e.g., tcpdump or Wireshark) on the monitoring station(s) to capture network traffic.
