Musiyano mukuru pakati pekutora mapaketi uchishandisa Network TAP uye SPAN ports.
Port Mirroring(inozivikanwawo seSPAN)
Network Tap(inozivikanwawo seReplication Tap, Aggregation Tap, Active Tap, Copper Tap, Ethernet Tap, nezvimwewo)TAP (Terminal Access Point)chigadziriso chizere chehardware, chinogona kungobata traffic panetiweki. Inowanzo shandiswa kutarisa traffic pakati pemapoinzi maviri mune network. Kana network iri pakati pemapoinzi maviri aya iine tambo yemuviri, network TAP inogona kunge iri nzira yakanakisa yekutora traffic.
Usati watsanangura mutsauko pakati pemhinduro mbiri (Port Mirror uye Network Tap), zvakakosha kuti unzwisise kuti Ethernet inoshanda sei. Pa100Mbit uye pamusoro, vanogamuchira vanowanzo taura zvizere duplex, zvichireva kuti muenzi mumwe anogona kutumira(Tx) uye kugamuchira(Rx) panguva imwe chete. Izvi zvinoreva kuti pane 100 Mbit tambo yakabatana kune mumwe mugadziri, iyo yakazara huwandu hwetiweki traffic iyo mumwe muenzi anogona kutumira / kugamuchira (Tx/Rx)) ndeye 2 × 100 Mbit = 200 Mbit.
Iyo Port mirroring inoshanda packet replication, zvinoreva kuti network network ine basa rekukopa packet pamirrored port.
Kutora Traffic: TAP vs SPAN
Paunenge uchitarisa network traffic, kana iwe usingade kushandisa rutsigiro zvakananga apo mushandisi ari kugadzirisa kutengeserana, une maviri makuru sarudzo. Muchinyorwa chinotevera, isu tinopa tapuro yeTAP (Test Access Point) uye SPAN (Chinja Port Analyzer). Kuti uwane ongororo yakadzama, nyanzvi yekuongorora pakiti Timo'Neill ane zvinyorwa zvakati wandei pa lovemytool.com izvo zvinopinda mune zvakadzama, asi pano, isu tichatora imwe nzira yakajairika.
SPAN
Port mirroring inzira yekutarisa network traffic nekutumira kopi yega yega inouya uye/kana inobuda packet kubva kune imwe kana kupfuura ports (kana VLans) yekuchinja kune imwe chiteshi yakabatana kune network traffic analyzer. Spans inowanzoshandiswa mumasisitimu akareruka kutarisa akawanda masayiti panguva imwe chete. Iyo chaiyo nhamba yetiweki transmissions iyo inokwanisa kutarisa inoenderana nekuti iyo SPAN yakaiswa sei maererano neiyo data center michina. Iwe uchawana zvauri kutsvaga, asi zviri nyore kuzviwana uine data rakawandisa. Semuenzaniso, zvinokwanisika kuwana akawanda makopi eiyo data imwe chete muVLAN yese. Izvi zvinoita kuti kugadzirisa kweLAN kunyanye kuoma, uye zvakare kunokanganisa kumhanya kwe switch cpus kana kukanganisa iyo Ethernet kuburikidza nekuiswa kwekuonekwa. Chaizvoizvo, iyo yakawanda spans, zvakanyanya mukana wekurasikirwa nemapaketi. Kuenzaniswa nematepi, spans inogona kudzorwa kure, zvinoreva kuti nguva shoma inoshandiswa pakuchinja masisitimu, asi mainjiniya etiweki achiri kudikanwa.
SPAN ports haisi tekinoroji yekungoita, sekutaura kunoita vamwe, nekuti inogona kuve nemimwe mhedzisiro inoyerwa pane network traffic, kusanganisira:
-Nguva yekuchinja furemu yekudyidzana
-Kudonhedza mapaketi nekuda kwekunyanya kutarisa
- Mapaketi akaora anodonhedzwa pasina chiziviso, achitadzisa kuongororwa
Naizvozvo, SPAN ports inonyanya kukodzera mamiriro ezvinhu apo kudonhedza mapaketi hakukanganisi kuongororwa, kana uko mutengo unotariswa.
TAP
Mukupesana, matepi anoda kushandisa mari pane Hardware kumberi, asi ivo havadi kuseta kwakawanda. Hongu, sezvo ivo vari pasi, vanogona kubatanidzwa uye kubviswa kubva kune network pasina kuikanganisa. Matepi midziyo yehardware inopa nzira yekuwana data inoyerera kuburikidza netiweki yekombuta uye inowanzoshandiswa kunetiweki kuchengetedza uye kuita kwekutarisa zvinangwa. Iyo inotariswa traffic inonzi "pass-through" traffic uye chiteshi chinoshandiswa kutarisa chinonzi "monitoring port". Kuti uongorore network zvakajeka, matepi anogona kuiswa pakati pemarouter uye switch.
Nekuti TAP haikanganisi mapaketi, inogona kutariswa senzira yechokwadi yekuona network traffic.
Pane mhando nhatu dzeTAP mhinduro:
- Network splitter (1 : 1)
- Aggregate TAP (yakawanda: 1)
- Kuvandudza TAP (1: akawanda)
TAP inodzokorora traffic kune imwe chete passive yekutarisa chishandiso, kana kune yakakwira-density network packet relay mudziyo, uye inoshandira akawanda (kazhinji akawanda) maQOS ekuongorora maturusi, network yekutarisa maturusi, uye network sniffer maturusi sewaya shark.
Pamusoro pezvo, marudzi eTAP anosiyana zvichienderana nerudzi rwetambo, kusanganisira fiber TAP uye gigabit copper TAP, ese ari maviri anoshanda nenzira imwechete nekuburitsa chikamu chechiratidzo kune network traffic analyzer, nepo modhi huru ichienderera mberi ichiendesa pasina kukanganisa. Kune iyo fiber TAP, ndeyekutsemura danda nepakati, nepo mumhangura tambo system, ndeye kudzokorora chiratidzo chemagetsi.
Kuenzanisa TAP uye SPAN
Chekutanga, chiteshi cheSPAN hachina kukodzera kuzere-duplex 1G chinongedzo, uye kunyangwe kana iri pasi pehukuru hwayo, inokurumidza kudonhedza mapaketi nekuti yakaremerwa, kana kungoti switch inoisa pamberi pemazuva ese echiteshi-kune-chiteshi pamusoro peSPAN port data. Kusiyana nematepi etiweki, SPAN ports inosefa zvikanganiso zvemuviri, zvichiita kuti mamwe marudzi ekuongorora anyanye kuoma, uye sezvataona, nguva dzisiridzo dzekuwedzera nemafuremu akachinja zvinogona kukonzera mamwe matambudziko. Kune rimwe divi, TAP inogona kushanda yakazara-duplex 1G link.
TAP inogonawo kuita yakazara packet kubatwa uye kuita zvakadzama packet inspection for protocols, kutyorwa, intrusions, etc. Nokudaro, data yeTAP inogona kushandiswa sehuchapupu mudare, nepo SPAN data data haigoni.
Chengetedzo chimwe chikamu apo pane misiyano pakati pemaitiro maviri aya. SPAN ports inowanzogadzirirwa nzira imwe chete yekukurukurirana, asi inogonawo kugamuchira kutaurirana mune dzimwe nguva, zvichikonzera kukanganisa kwakakomba. Kusiyana neizvi, TAP haitaurike uye haina IP kero, saka haigone kubiwa.
SPAN ports kazhinji haipfuure VLAN tags, izvo zvinogona kuita kuti zviome kuona kutadza kweVLAN, asi matepi haakwanise kuona iyo VLAN network yese kamwechete. Kana mapombi akaunganidzwa akasashandiswa, iyo TAP haizope zvakafanana kune ese machani, asi kungwarira kunofanirwa kutorwa nekuonekwa kweawara. Kune aggregate matepi, akadai seBooster yeProfitap, iyo inounganidza masere 10/100/1G ports mune 1G-10G inobuda.
Booster inokwanisa kuisa mapaketi nekuisa VLAN tag. Nenzira iyi, iyo sosi yechiteshi ruzivo rwepaketi yega yega inozoendeswa kune analyzer.
SPAN ports ichiri chishandiso chichashandiswa nemanetiweki maneja, asi kana kukurumidza uye yakavimbika kuwana kune ese network data yakakosha, TAP ndiyo iri nani sarudzo. Kana uchifunga kuti ndeipi nzira yekutora, SPAN ports inonyanya kukodzera kune network ine yakaderera kushandiswa, sezvo akarasika mapaketi haakonzerese kuongororwa kana ari sarudzo mune zviitiko zvinodhura. Nekudaro, pamanetiweki ane traffic yakanyanya, kugona kweTAP, chengetedzo, uye kuvimbika kunopa kuoneka kuzere mutraffic panetiweki yako pasina kutya kurasikirwa kwepakeji kana kusefa zvikanganiso zvemuviri.
○ Zvinonyatsooneka
○ Dzokorora traffic yese (ese mapaketi eese saizi nemhando)
○ Isinganzwisisike, isingapindire (haisi kushandura data)
○ Munhevedzano, hapana switch ports inoshandiswa kudzokorora yakazara-duplex traffic mumahanesi Kuseta kuri nyore (plug uye tamba)
○ Haisi panjodzi yevanoba (isingaonekwe, yakasarudzika yekutarisa mudziyo kubva kunetiweki, hapana IP/MAC kero)
○ Scalable
○ Inokodzera chero mamiriro
○ Kuonekwa zvishoma
○ Kusatevedzera traffic yese (kudonhedza mamwe saizi uye marudzi emapaketi)
○ Non-passive (kuchinja packet nguva, kuwedzera latency)
○ Shandisa switch port (yega yega yeSPAN port inoshandisa switch port)
○ Kutadza kubata yakazara-duplex kutaurirana (mapaketi akadonhedzwa kana akaremerwa, anogonawo kukanganisa mashandiro ekutanga)
○ Mainjiniya anofanirwa kugadzirisa
○ Haina kuchengetedzeka (Monitoring system chikamu chetiweki, matambudziko anogona kuitika ekuchengetedza)
○ Haisi kukura
○ Zvinokwanisika chete mune mamwe mamiriro ezvinhu
Unogona kunge uchifarira chinyorwa chakabatana: Maitiro ekutora Network Traffic? Network Tap vs Port Mirror
Nguva yekutumira: Jun-09-2025
