[ale] Ethernet Tap

Mike Panetta ahuitzot at mindspring.com
Wed Aug 20 12:34:31 EDT 2003


I am assuming the reason you are doing the tap is so that the machine that is doing the sniffing is 100% secure (IE it cant be easily hacked if the communication is one way only).  If thats the case, place a hub in between the 2 devices you wish to monitor, and just connect the RX lines of the sniffing device to one of the ports on the hub.  The hub should forward packets from both the devices to the RX pins of the sniffer, so you wont get the one sided communication problems you are having.  The hub however may not show link, but the card on the sniffing box may.

Another thing that might work (but definately will not if the connection between the switch and the device your monitoring is full duplex) is to use "oring diodes" to connect both the RX and the TX lines of the cable to the RX lines of the sniffing device. Try using something like a 1N914 or somesuch to do the oring.

Someone awhile back posted a gif of a device that radio shack sold that "split" a single ethernet jack into 2.  That same concept may work here, assuming the connection is not full duplex, and you are running at 10BaseT speeds (I am not sure it would work at 100BaseT).  It basicly used a bunch of bipolar transistors wired as fast diodes to allow every port on the unit to see the signals coming from every other port (including itself IIRC) in a kind of wired OR type config, basicly a dirt cheap hub if you will.  Only problem is it would absolutly not work in a full duplex network because it would cause 100% collision rate (RX tied to TX of every port through the "fast diodes").

Mike

-------Original Message-------
From: Christopher Fowler <cfowler at outpostsentinel.com>
To: ale at ale.org
Sent: 08/19/03 06:04 PM
To: ale at ale.org
Subject: [ale] Ethernet Tap

> 
> 

I got my Ethernet Tap woking.  Here is hte pinout I used.



568A Start                      568A End
1 GW Tx+ ------------------------ 1 Gw Tx+
2 G  Tx- ------------------------ 2 G  Tx-
3 Ow Rx+ ----+------------------- 3 Ow Rx+  
6 O  Rx- ------+------------------6 O  Rx-
             | |    
             | |     568A Tap
             | + --- 3 Ow Rx+ 
             +------ 6 O  Rx-


I guess the problem maybe it is a one-way tap.  It 
only sees traffic coming from the switch?  Is there
a way to wire it so that it can receive traffic 
from the end point too?

Thanks,
Chris
            
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
> 
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale





More information about the Ale mailing list