He continued Packets are transmitted through two ports and the packets that are traffic compliant with one of the filters is sent to a packet analyser, such as Wireshark or GL's PacketScan for detailed packet analysis. Alternatively, the traffic can be even sent to a memory card and later analysed offline.”
He added, “PacketShark
is an invaluable tool for on-field simultaneous capturing from two interfaces, analysing 100% streams without any delays, and filtering/aggregating required packet streams at wire speed. It overcomes most of the limitations of protocol analysers running on Laptops or PCs that are too slow to capture live Full Duplex traffic at wire speed. It is generally preferred over mirror ports and traditional taps in providing aggregated traffic output and mobility.”
Mr. Bichefsky further added, “PacketSharksupports all the features of high-end taps in a small, battery operated instrument, weighing less than 1.2 kg, and providing mobility and storage capacity to reach any point in the network. It provides INSTANT ON features - no PC required.”
•Ability to capture packets at any point of the Network
•Wirespeed filtering with zero loss and zero delay - Equipped with a unique Zero Delay technology that ensures every packet goes through without delay (even if power is lost)
•Capture in the field and analyse in the office - Field storage of captured data using an external storage device (SD memory card) in PCAP format.
•Copy and forward matching packets to the drop LAN.
•Traffic and Signal Regeneration
•Sixteen simultaneous filters can be applied to the traffic.
•Firmware filters to identify traffic MAC, IP, UDP or TCP flow.
•Centralized or distributed deployment
•Jitter-less time stamps
•Invisible when connected (Undetectable): no IP no MAC
•Improves efficiency and the performance of the protocol analyser by adding mobility, capture filters and local storage
•Erred frames, fundamental feature for troubleshooting: FCS, runts, fragments, etc