Dualcomm Gigabit Single TAP / NST Pro Combos

Low Cost Gigabit TAPs and Network Surveillance Solutions for the Security Professional

The following solutions are being offered to networking professionals in need of a convenient and low cost method to monitor and capture traffic on a single network segment (See article: SPAN Out of the Box for additional information):

Gigabit DCGS-2005 TAP and NST Pro Single License Gigabit DCGS-2005 TAP and NST Pro Site License
Accessory
Accessory
Gigabit ETAP-2105 Regeneration TAP and NST Pro Single License Gigabit ETAP-2105 Regeneration TAP and NST Pro Site License
Accessory
Accessory
Gigabit ETAP-3105 Regeneration TAP and NST Pro Single License Gigabit ETAP-3105 Regeneration TAP and NST Pro Site License

Use Case 1: Gigabit Network Monitor / Capture on the Dirty Side of a Firewall

The following use case depicts monitoring / capturing network packets on the "dirty" side of a Firewall. A Dualcomm Technology, Inc Gigabit switch TAP (model: DGCS-2005) is placed between the network provider and a Firewall / Router external connection. NST running on a notebook system in this instance can be used to perform a variety of network / security tasks with network traffic entering or leaving the Small and Medium Business (SMB) or Corporate Intranet. Example usage: NAT and PAT network packets can be examined for proper translations by the Firewall and IDS events can be detected and analyzed to mitigate against any possible network attacks.

Dualcomm Gigabit Single TAP / NST Pro Combo - Monitor / Capture Firewall Dirty Side

Use Case 2: Gigabit Network Monitor / Capture on the Clean Side of a Firewall

The following use case depicts monitoring / capturing network packets on the "clean" side of a Firewall. A Dualcomm Technology, Inc Gigabit switch TAP (model: DGCS-2005) is placed between the Firewall / Router internal connection and the Intranet switching fabric. NST running on a notebook system in this instance can be used to perform a variety of network / security tasks with network traffic entering or leaving the Small and Medium Business (SMB) or Corporate Intranet. Example usage: Host locations and IP Address conversations can be determined an plotted on bit images and / or Google Earth for network traffic origination and usage patterns.

Dualcomm Gigabit Single TAP / NST Pro Combo - Monitor / Capture Firewall Clean Side

Use Case 3: Gigabit Network Bandwidth Monitor / Geolocation / IDS on the DMZ Side of a Firewall

The following use case depicts NST Network Interface Bandwidth Monitoring, Host Geolocation, and IDS Detection on the "DMZ" side of a Firewall. The public web services are located in the DMZ network and are being monitored by multiple NST probes providing a unique security surveillance solution. A Dualcomm Technology, Inc Gigabit Regeneration TAP (model: ETAP-2105) is placed in the DMZ network between the Firewall / Router and the Web Server Complex load balancing switch.

The ETAP-2105 Regeneration TAP replicates the full-duplex network traffic running at Gigabit rates between the two inline ports (Ports: 1 and 2) across the three monitor ports (Ports: 3, 4 and 5). This provides each NST probe server and its respective network interface with its own mirrored copy of web traffic flowing in and out of the DMZ. Separate network security monitoring systems as shown in this diagram may be a requirement for certain organizations.

Dualcomm Gigabit Single ETAP-2105 / NST Pro Combo - Bandwidth Monitor / Geolocation / IDS Firewall DMZ Side

Use Case 4: Full Line Rate Gigabit Network Bandwidth Monitoring

The following use case demonstrates how to setup an NST probe for Internet traffic bandwidth usage monitoring on the unfiltered (dirty) side of a Firewall. The NST Network Interface Bandwidth Monitor is used as the Network Management tool for displaying and calculating bandwidth usage. A Dualcomm Technology, Inc Gigabit Regeneration TAP (model: ETAP-3105) is placed inline between the Firewall and the DOCSIS Cable or DSL modem. The inline Internet network traffic is duplicated and separated out as two (2) non-aggregation data streams. One stream for Receive Data (RxD) and the other one for Transmit Data (TxD). Ports: 4 and 5 provide the non-aggregation traffic flow at the full line rate of 2 Gpbs to the Dual-Port Gigabit Adapter on the NST probe shown.

The ETAP-3105 Regeneration TAP also replicates the data traffic running between the two inline Ports: 1 and 2 to both the aggregation monitor Port: 3. The aggregation monitor Port: 3 is not used in this Use Case.

The two inline ports of the ETAP-3105 will fail over automatically to maintain link connectivity when the ETAP-3105 loses power. This makes the ETAP-3105 suitable for deployments where critical link paths in a network are required.

The ETAP-3105 also supports Link Fault Pass-Through (LFPT) with the two inline ports. When a link goes down on either side of these ports, the link on the other side will also go down automatically. This capability is required for high availability deployments for reducing the time it takes to activate a redundant network link path.

Dualcomm Gigabit Single ETAP-3105 / NST Pro Combo - Full Line Rate Gigabit Network Bandwidth Monitoring