First a big thanks to Barracuda Networks for providing the Barracuda Ethernet Tap for this Review.
For quite some time I have always wanted a packet sniffing system that I could power up at a moment’s notice and have it show me what’s going on from a packet point of view with the traffic going from my network to the internet. The two pieces of the puzzle I needed to do this were a laptop that could run Wireshark and an Ethernet Tap device that would go between my modem and my router and allow me to use the laptop connected to the Ethernet Tap running Wireshark to inspect all the packets. The laptop I already had however, the Ethernet Tap I didn’t have until I run across the Barracuda Ethernet Tap from Barracuda Networks and they were nice enough to provide one for this Review. Now let’s have a look at what all you can do with a system like this.
Before I get too far into this Review I should mention the features and specifications of the Barracuda Ethernet Tap.
-Link Speeds Supported: 10/100 Half or Full Duplex Ethernet
-Cable Type: CAT5
-Connectors: Four (4) RJ45 Network Ports - In, Out, Tap1, Tap 2
-Dimensions: 1.08" x 4.23" x 3.13"
-Weight: 4.4 oz. (without battery)
-Operating Temperature: 0° to 40°C
-Non-Operating Temperature: -30° to 65°C
-Power Requirements: 9VDC @ 30mA (external AC Adapter included)
From now on when I mention the Barracuda Ethernet Tap I’ll be referring to it as BET.
For me the coolness of the BET is the fact that it allows you to see what’s going on with your network at the packet level and with this information you can get an idea of how things work on your network or trouble shoot network problems. For years now I have always wondered what’s being sent out onto the internet from my network of computers when I see the cable modem lights blinking frantically and now I have the tools to answer that question.
I should mention that in my case here I’m mainly using the BET just to see what internet traffic I’m generating but that’s not its only use. Depending on where you put the BET on your network you can also see anything that goes over a CAT 5 Line network wise.
Before I take a look at the BET I should mention you don’t need the BET to see packets going across your network. You can install Wireshark on any computer and watch the network traffic that way. For me the beauty of BET is that I have it set up in between my router and my cable modem and that means with my laptop connected to the BET I can see all the internet related traffic from all my computers at once. The fact I don’t have to have Wireshark on every single computer is a huge bonus for me and it also means I don’t have to bog all my machines down with Wireshark running on them. The other bonus to using BET is that devices that don’t run Wirehshark, say for example a game console, you can also see all the packets they generate when you’re using the BET between the router and the cable modem as well. Below is a picture of Wireshark running on my Lenovo SL400 laptop and in the picture you can see that I have logged some web page traffic.
While on the topic of Wireshark I should mention for those that don’t know, Wireshark is a software packet sniffer that has loads of options. I have been playing around with it for years now and it constantly blows my mind what can be done with Wireshark from a packet information point of view. Wireshark is a FREE, open source cross platform tool that’s used by amateurs and pro’s alike. The real power for me with Wireshark is that fact you can filter out a lot of the packets you don’t want to see so you can home in on the packets you do want to see, and that’s a huge deal when you have traffic coming from multiple computers. You can also filter the packets based on IP and this is good if you want to see just the packets coming from one computer on your network.
When you purchase the BET you get the BET itself along with a 9 volt battery and an AC adapter. The battery is for if you want to run the BET without the AC adapter or if you want to use the battery as a backup in case your AC power drops out on you. If you do purchase a BET be sure to get extra network cables for use with the BET since the BET doesn’t come with any. Another thing to mention here is the BET does not require any kind of driver or anything like that to work. The BET is a passive TAP which also means it’s undetectable and doesn’t mess with any of the network traffic going over its IN and OUT ports. Below is a picture of the Box contents for the BET.
When you look at the BET you see the power switch to turn the device off and on as well as the 4 network ports on it. Two of the network ports are for the IN and OUT, in my case the OUT port is going to my cable modem while the IN port is connected to my router. The other two ports are your TAP 1 and TAP 2 ports and these are where you connect your monitoring computer up to, in my case the laptop running Wireshark to see all the incoming or outgoing packets. The one thing you have to keep in mind with the BET is that it separates the network traffic, so on one TAP port you will have all incoming packets and on the other TAP port you will have all the outgoing packets. If you want to get all the network packets going in both directions into a single computer, you will need a monitoring computer that has two network ports where you can bond the two ports together and then Wireshark would see the traffic going in both directions. Below is a picture of the 4 network ports on the BET.
In my case I don’t mind that the network traffic gets separated onto the two ports since I’m more interested in outgoing packets then the incoming packets. If I want to switch to seeing the incoming packets I just have to swap the network cable on the monitoring computer. You could also send the incoming and outgoing traffic from the BET to two computers at the same time should you have the need for that.
In order to put the 9 volt battery in the BET you remove a plastic cover on the bottom of the BET and the 9 Volt battery slides right in. In the picture below you can see the bottom of the BET.
For as simple and elegant as the BET is, I would like to see a couple of improvements with it. The first thing I would like to see is the network ports on the device being able to handle Gigabit speeds where as right now they only handle 10/100 speeds. The next thing I would like to see added to the device is a 3rd TAP port that can give you the traffic of both the TAP 1 and TAP 2 ports so that you don’t need to have two network cards in your computer or two computers to see all the traffic in both directions.
In conclusion this is a must have device for those people that like to see what’s going on with their network traffic. The Barracuda Ethernet Tap really does give the user quite a bit of power in terms of knowledge gained by watching how programs communicate with the internet. A tool like the Barracuda Ethernet Tap is also incredibly useful for detecting traffic such as what you may see coming from an infected computer with a Trojan / Bot on it and for that reason alone it is a very powerful security tool as well as a diagnostic tool. At the time of this Review you could purchase the Barracuda Ethernet Tap for about $129.00 U.S.
Below are a few more pictures of the Barracuda Ethernet Tap Enjoy!