It seemed like a good idea at the time.
Talking to Aastra tech support about a deployment issue with the 6757i, they requested a wireshark capture of the phone as it booted. Simple, right? I’ve used wireshark a lot through the years, and luckily for me, most of my use in the past has involved a linux router that I could run it on directly. I didn’t have to worry much about switches and taps. Not that I haven’t done that, too, just not for a while. Namely not before Gigabit Ethernet hit the scene.
There are articles by the ton about building a passive network tap, and I’ve even done it before, though it was about 8 or 10 years ago. Here are a few that I referenced:
So I dove in and built the tap, but no luck at all getting it going. I couldn’t see a thing. Then I discovered a comment on one of the (many) sites I was checking to try to learn more about why I wasn’t seeing anything on the taps. The comment basically said that Gigbit Ethernet is using both transmit and receive pairs in both directions simultaneously. There’s a DSP involved that subtracts the data you are sending (also any injected crosstalk) from the data you are receiving. So Gigabit Ethernet has much more going on than I realized. Also – no Gigbit passive taps. All Gigbit links will need an active tap or, as I had the advantage of using before, a bridged connection to use for the snooping.
So… I cheated. I knocked the port speed down to 100M long enough for the passive tap to show me what I needed.