EH-Net

Ethical Hacking Discussions and Related Certifications => Hardware => Topic started by: Determ on December 15, 2011, 07:09:47 AM



Title: device/system selection
Post by: Determ on December 15, 2011, 07:09:47 AM
What kind of device is best to use if I want to "duplicate" and transfer network traffic from one remote facility to another, where the analysis will be done?

So I'm looking for the best "out-of-the-box" rack-cabinet-appropriate device, sufficiently effective to be placed between the switch and the router.


Title: Re: device/system selection
Post by: cd1zz on December 15, 2011, 08:18:34 AM
What kind of data are we talking about? Databases? Files? Or are you talking about replication at a lower level? Are you trying to de-dup before you transfer over the network?


Title: Re: device/system selection
Post by: Agoonie on December 15, 2011, 09:55:42 AM
Wouldn't you just set up port mirroring and monitor everything from that port? You could set up an appliance or a computer with Wireshark, tcpdump, dsniff, etc., right?


Title: Re: device/system selection
Post by: cd1zz on December 15, 2011, 09:57:08 AM
Good point, misread the question. Port mirroring over a WAN might be tough unless the bandwidth is significant.


Title: Re: device/system selection
Post by: mambru on December 15, 2011, 10:11:40 AM
Have you tried a tap?

http://www.flukenetworks.com/enterprise-network/network-monitoring/Tap-Solutions

http://www.network-taps.eu/products/products_networktaps.php


Title: Re: device/system selection
Post by: Determ on December 16, 2011, 09:30:05 AM
Have you tried a tap?

Yes, an inline aggregating tap with a filter option is needed, but can I get a device with router capabilities? Traffic should be sent over the WAN, but without intervention in the existing (primary) router.


Title: Re: device/system selection
Post by: chrisj on December 17, 2011, 03:53:59 PM
Good point, misread the question. Port mirroring over a WAN might be tough unless the bandwidth is significant.

Not really. I used to work in a central data center for an auto company. All the plants had mini data centers, but they got all their data from the central location. We had Network General Sniffers and 4TB InfiniStreams attached to the network via SPAN ports off Cisco 6500s. The InfiniStreams rolled every 12 hours, and we never had complaints about performance.


Title: Re: device/system selection
Post by: chrisj on December 17, 2011, 03:55:46 PM
Have you tried a tap?

Yes, an inline aggregating tap with a filter option is needed, but can I get a device with router capabilities? Traffic should be sent over the WAN, but without intervention in the existing (primary) router.

If I understand that right, you want the traffic that needs to be watched to go out over the existing WAN connection without going through the existing border router? Can you create downtime to set things up?


Title: Re: device/system selection
Post by: Determ on December 22, 2011, 02:57:54 PM
If I understand that right, you want the traffic that needs to be watched to go out over the existing WAN connection without going through the existing border router? Can you create downtime to set things up?

Yes.

Also, I have time to set things up; it's not a continuous 24/7 process. For the beginning it would be OK if the device (tap) had an option to save filtered traffic and send it via SMTP every X hours. That way the device could be plugged directly into the current switch. Of course I don't know if I can get such a smart tap device (having a laptop in the rack for that is not an option).
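An added example, not from this thread or from any of the posters, of the "save filtered traffic and send it every X hours" setup Determ asks for, done with tcpdump's own file rotation on a small rack box instead of a smart tap. The interface, capture directory, recipient and the mutt-style mailer are assumptions; adjust them for your site.

```shell
#!/bin/sh
# Rotate a BPF-filtered tcpdump capture every N hours and ship each
# finished file by mail. Paths, interface and recipient are assumptions.

CAP_DIR="${CAP_DIR:-/var/cap}"            # assumed capture directory (writable by the -Z user)
IFACE="${IFACE:-eth1}"                     # assumed interface facing the tap / SPAN port
ROTATE_HOURS="${ROTATE_HOURS:-6}"          # "every X hours" from the question
BPF_FILTER="${BPF_FILTER:-not port 22}"    # keep the box's own management traffic out
MAIL_TO="${MAIL_TO:-soc@example.invalid}"  # placeholder recipient

# Convert hours to the seconds tcpdump -G expects; reject non-integer input.
rotate_seconds() {
    hours="$1"
    case "$hours" in
        ''|*[!0-9]*) echo "rotate_seconds: hours must be an integer" >&2; return 1 ;;
    esac
    echo $((hours * 3600))
}

# Build the capture command: -G rotates the file, -z runs this script on each
# closed file, -Z drops root after the interface is opened (least privilege).
build_capture_cmd() {
    secs=$(rotate_seconds "$ROTATE_HOURS") || return 1
    printf 'tcpdump -i %s -nn -s 0 -G %s -w %s/cap-%%Y%%m%%d-%%H%%M%%S.pcap -z %s -Z nobody %s\n' \
        "$IFACE" "$secs" "$CAP_DIR" "$0" "'$BPF_FILTER'"
}

# Post-rotate step: compress the finished pcap and mail it as an attachment.
# Assumes a mailer with mutt's "-s subject -a file -- recipient" syntax.
ship_capture() {
    pcap="$1"
    [ -f "$pcap" ] || { echo "ship_capture: no such file: $pcap" >&2; return 1; }
    gzip -f "$pcap" || return 1
    ${MAILER:-mutt} -s "capture $(basename "$pcap").gz" -a "$pcap.gz" -- "$MAIL_TO" </dev/null
}

case "${1:-}" in
    run)    eval "$(build_capture_cmd)" ;;   # start capturing (needs root or CAP_NET_RAW)
    *.pcap) ship_capture "$1" ;;             # invoked by tcpdump -z with the closed file
esac
```

Start it with `sh capture.sh run`; the capture host should sit on the SPAN/tap port only, with the mail leaving over a management interface that carries no mirrored traffic.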


Title: Re: device/system selection
Post by: chrisj on December 22, 2011, 04:14:19 PM
Maybe not a laptop, but if you could drop in a full-size server, one that looks like it belongs, maybe.

Actually I was thinking more along the lines of how I had something set up in the past. I had a facility in a rural area that could only get one DSL line. It was a PITA just to get that much. A partner company made a deal with a third company, who came in and set up gear.

I had to figure out how to have two secure networks separated on the same DSL line. The connection went: DSL handoff (DSL modem with built-in firewall and router), a Cisco PIX for one network, a Linksys running DD-WRT for the other as their gateways, and then they did site-to-site VPN from those.

I was thinking maybe put an outer-edge device, then the border router, with your sniffer hooked into the outer-edge device and the network with a SPAN port. Lock it down tight with firewall rules.