Itandukaniro nyamukuru hagati yo gufata paki ukoresheje Network TAP na port ya SPAN.
Indorerwamo(bizwi kandi nka SPAN)
Kanda Umuyoboro.TAP (Ahantu ho kugera)ni igikoresho cyuzuye cyuma cyuma, gishobora gufata traffic kuri neti. Bikunze gukoreshwa mugukurikirana traffic hagati yingingo ebyiri murusobe. Niba umuyoboro uri hagati yizi ngingo zombi ugizwe numuyoboro wumubiri, umuyoboro TAP urashobora kuba inzira nziza yo gufata traffic.
Mbere yo gusobanura itandukaniro riri hagati y ibisubizo byombi (Port Mirror na Network Tap), ni ngombwa kumva uburyo Ethernet ikora. Kuri 100Mbit no hejuru, abashyitsi mubisanzwe bavuga muri duplex yuzuye, bivuze ko uwakiriye ashobora kohereza (Tx) akakira (Rx) icyarimwe. Ibi bivuze ko kuri kabili 100 Mbit ihujwe numucumbitsi umwe, igiteranyo cyurugendo rwurusobe umuyoboro umwe ashobora kohereza / kwakira (Tx / Rx)) ni 2 × 100 Mbit = 200 Mbit.
Indorerwamo ya Port nigikorwa cyo kwigana paki, bivuze ko igikoresho cyurusobe gifite inshingano zo gukoporora paki kuricyambu.
Gufata traffic: TAP vs SPAN
Mugihe ukurikirana traffic traffic, niba udashaka gukoresha inkunga itaziguye mugihe umukoresha arimo gutunganya transaction, ufite amahitamo abiri yingenzi. Mu kiganiro gikurikira, tuzatanga incamake ya TAP (Ikigereranyo cyo Kugerageza) na SPAN (Hindura Port Analyser). Kubisesengura byimbitse, impuguke yo kugenzura paki Timo'Neill ifite ingingo nyinshi kuri lovemytool.com zijya muburyo burambuye, ariko hano, tuzafata inzira rusange.
SPAN
Icyerekezo cy'icyambu ni uburyo bwo gukurikirana urujya n'uruza rw'urubuga rwohereza kopi ya buri paki yinjira na / cyangwa isohoka kuva ku cyambu kimwe cyangwa byinshi (cyangwa VLans) yo guhinduranya ikindi cyambu gihuza isesengura ry'umuhanda. Umwanya ukunze gukoreshwa muri sisitemu yoroshye yo gukurikirana imbuga nyinshi icyarimwe. Umubare nyawo wohereza imiyoboro ishoboye gukurikirana biterwa n’aho SPAN yashyizwemo ugereranije nibikoresho bya data center. Birashoboka ko uzabona icyo urimo gushaka, ariko biroroshye kwisanga ufite amakuru menshi. Kurugero, birashoboka kubona kopi nyinshi zamakuru amwe muri VLAN yose. Ibi bituma LAN ikemura ibibazo cyane, kandi ikanagira ingaruka kumuvuduko wa cpus cyangwa ikagira ingaruka kuri Ethernet ikoresheje gushakisha. Ahanini, uko bigenda, birashoboka cyane gutakaza paki. Ugereranije na kanda, spans irashobora gucungwa kure, bivuze ko igihe gito cyakoreshejwe muguhindura iboneza, ariko injeniyeri zurusobe ziracyasabwa.
Ibyambu bya SPAN ntabwo ari tekinoroji ya pasiporo, nkuko bamwe babivuga, kuko bishobora kugira izindi ngaruka zapimwe kumuhanda, harimo:
- Igihe cyo guhindura imikoranire
- Kureka paki kubera gushakisha birenze
- Amapaki yangiritse yajugunywe nta nteguza, abangamira isesengura
Kubwibyo, ibyambu bya SPAN birakwiriye mubihe aho guta paki bitagira ingaruka kubisesengura, cyangwa aho harebwa ikiguzi.
TAP
Ibinyuranye, kanda igomba gukoresha amafaranga kubikoresho imbere, ariko ntibisaba gushiraho cyane. Mubyukuri, kubera ko ari pasiporo, zirashobora guhuzwa no guhagarikwa kumurongo utabigizeho ingaruka. Kanda ni ibikoresho byuma bitanga uburyo bwo kubona amakuru anyura mumurongo wa mudasobwa kandi bikoreshwa muburyo bwo gucunga umutekano no kugenzura imikorere. Imodoka ikurikiranwa yitwa "pass-through" traffic kandi icyambu gikoreshwa mugukurikirana cyitwa "icyambu cyo gukurikirana". Kugirango ugenzure neza urusobe, kanda zirashobora gushyirwa hagati ya router na switch.
Kuberako TAP itagira ingaruka kubipaki, irashobora kubonwa nkuburyo bworoshye bwo kureba traffic traffic.
Hariho ubwoko butatu bwibisubizo bya TAP:
- Gutandukanya umuyoboro (1: 1)
- Guteranya TAP (byinshi: 1)
- Kuvugurura TAP (1: byinshi)
TAP yigana urujya n'uruza rw'igikoresho kimwe cyo kugenzura gusa, cyangwa ku gikoresho cyinshi cyo mu muyoboro wuzuye wa paki, kandi ikora ibikoresho byinshi byo gupima QOS, ibikoresho byo kugenzura imiyoboro, hamwe n'ibikoresho bya sniffer nka wireshark.
Byongeye kandi, ubwoko bwa TAP buratandukanye bitewe nubwoko bwa kabili, harimo fibre TAP na gigabit y'umuringa TAP, byombi bikora muburyo bumwe mukurekura igice cyikimenyetso kubisesengura ryumuhanda, mugihe icyitegererezo nyamukuru gikomeje kohereza nta nkomyi. Kuri fibre TAP, ni ukugabanya ibiti mo kabiri, mugihe muri sisitemu yumuringa wumuringa, ni ukwigana ibimenyetso byamashanyarazi.
Kugereranya TAP na SPAN
Ubwa mbere, icyambu cya SPAN ntikibereye guhuza byuzuye-duplex 1G, kandi niyo munsi yubushobozi bwayo buhebuje, ihita ita paki kuko iremerewe, cyangwa gusa kubera ko switch ishyira imbere amatariki asanzwe yicyambu-cyambu hejuru yamakuru yicyambu cya SPAN. Bitandukanye na kanda y'urusobekerane, ibyambu bya SPAN byungurura amakosa yibintu bifatika, bigatuma ubwoko bumwe bwisesengura bugorana, kandi nkuko twabibonye, ibihe byo kwiyongera bitari byo hamwe namakadiri yahinduwe bishobora gutera ibindi bibazo. Kurundi ruhande, TAP irashobora gukora-duplex yuzuye.
TAP irashobora kandi gukora paki yuzuye kandi igakora igenzura ryimbitse ryibipapuro kuri protocole, kurenga, kwinjira, nibindi. Rero, amakuru ya TAP arashobora gukoreshwa nkibimenyetso murukiko, mugihe amakuru yicyambu cya SPAN adashobora.
Umutekano nubundi buryo aho hari itandukaniro hagati yubuhanga bubiri. Ibyambu bya SPAN mubisanzwe byashyizweho kugirango habeho itumanaho rimwe, ariko birashobora no kwakira itumanaho mubihe bimwe na bimwe, bigatera intege nke. Ibinyuranye, TAP ntishobora gukemurwa kandi ntabwo ifite aderesi ya IP, ntabwo rero ishobora kwibasirwa.
Ibyambu bya SPAN mubusanzwe ntibinyura kuri tagi ya VLAN, bishobora kugorana kumenya kunanirwa kwa VLAN, ariko kanda ntishobora kubona umuyoboro wose wa VLAN icyarimwe. Niba kanda zegeranijwe zidakoreshejwe, TAP ntizatanga inzira imwe kumiyoboro yombi, ariko igomba kwitonderwa no gutahura birenze urugero. Hano hari kanda zose, nka Booster ya Profitap, ikusanya ibyambu umunani 10/100 / 1G mubyasohotse 1G-10G.
Booster ishoboye kwinjiza paki winjizamo tagi ya VLAN. Muri ubu buryo, inkomoko yicyambu amakuru ya buri paki azoherezwa kubisesengura.
Ibyambu bya SPAN biracyari igikoresho abayobozi b'urusobe bazakoresha, ariko niba umuvuduko no kwizerwa kugera kumurongo wamakuru yose ari ngombwa, TAP niyo guhitamo neza. Mugihe uhisemo uburyo bwo gufata, ibyambu bya SPAN birakwiriye cyane kumiyoboro ikoreshwa nabi, kubera ko paki zabuze zitagira ingaruka kubisesengura cyangwa ntizihinduka mugihe ibiciro biteye impungenge. Nyamara, kumurongo ufite traffic nyinshi, ubushobozi bwa TAP, umutekano, no kwizerwa bizatanga ibisobanuro byuzuye mumodoka kuri neti yawe nta bwoba bwo gutakaza paki cyangwa gushungura amakosa yumubiri.
Biboneka neza
Ongera wigane traffic yose (paki zose zingana nubunini)
Ive Passive, idahwitse (ntabwo ihindura amakuru)
○ Mu ruhererekane, nta byambu byahinduwe bikoreshwa mu kwigana traffic-duplex yuzuye mu bikoresho byoroshye Gushiraho (gucomeka no gukina)
○ Ntibishobora kwibasirwa naba hackers (igikoresho kitagaragara, igikoresho cyihariye cyo kugenzura kuva kumurongo, nta aderesi ya IP / MAC)
○ Ntibisanzwe
Bikwiranye n'ikibazo icyo ari cyo cyose
Vis Kugaragara igice
○ Kudakoporora ibinyabiziga byose (guta ingano nubwoko bwibipaki)
○ Ntabwo ari pasiporo (guhindura igihe cyo gupakira, kongera ubukererwe)
○ Koresha icyambu (buri cyambu cya SPAN gikoresha icyambu)
○ Ntibishobora gukemura itumanaho ryuzuye (paki zimanutse iyo ziremerewe, birashobora kandi kubangamira imikorere yambere yo guhinduranya)
Ers Ba injeniyeri bakeneye gushiraho
○ Umutekano muke (Sisitemu yo gukurikirana ni igice cyurusobe, ibibazo byumutekano)
○ Ntibishoboka
Birashoboka gusa mubihe bimwe
Urashobora gushimisha ingingo ijyanye nayo: Nigute wafata traffic traffic? Umuyoboro Kanda vs Port Mirror
Igihe cyo kohereza: Jun-09-2025
