Net.Shark is a FPGA based Tap with filtering capabilities, that connected in pass-through mode, is able to capure traffic at wire-speed. Packets are transmitted through two ports and traffic compliant with one of the filters is sent to Wireshark.
Wireshark is a network packet analyzer to examine communication network. Important features are: live packet data capture, display packets with very detailed protocol information, open/save data, import/export from/to other programs. It can search/filter data on many criteria. Wireshark is open source and probably the best packet analyzer available.
Mirror ports may not provide 100% of network traffic if they are over-subscribed because this process works in background in low priority; moreover it may not even be available for use when necessary. It may also occur that to monitor multiple network channel or VLAN simultaneously and aggregate the data to your network analysis cannot be possible because of the complexity of the set up and execution process.
PCs executing protocol analyzers like Wireshark lack power capacity and traditional taps cannot be moved easily and always depend on another external device because are not self contained. Once you get the traffic there are still limitations such as FDX capture, jitterless timestamp, or field storage of captured data that may only be overcame with a hand-held field tap such Net.Shark:
NetShark hand-held 2xSPAN Ports: SFP interfaces including: 10BASE-T, 100BASE-TX, 100BASE-FX, 1000BASE-T, 1000BASE-SX, 1000BASE-LX. DROP Ports: 2x1000BASE-T. Aggegation function in one DROP port. Local Storage: SD storage in PCAP format . Throughput SPAN ports: 2x1 Gbit/s or 2x1,500,000 frames/s. Minumum operation time with one battery pack 2.5h., two battery pack 5 h. (Includes two battery NiMH packs, AC/DC adapter transportation bag, RJ45 connectors). Two units SFP Adapter 1000BASE-Cx to 1000BASE-T with RJ45 included.
Traffic Discovering - Automatic detection of up 16 most frequent streams listed by IP, VLAN, MAC and bandwidth use.
Remote Control. Based on VNC standards for Windows and Linux. Ethernet/IP remote control that duplicates the tester graphical user interface in a remote computer.