[Snort-users] Passive Tap Help

Lists echo at ...9803...
Mon Dec 1 07:55:05 EST 2003


I agree that the lines crossing over within the tab block are
confusing.  I believe the key here is to note the labels on the
streams.  

i.e. "From Tx" on the outside -> "To Rx" on the inside is "Incomming
traffic".  The other path represents "Outgoing traffic".

The way I would describe this:

0) Number the ports on the switch in the diagram 1 - 3 from left to
right.

1) The receive pins on port 1 of the switch are passively connected to
the INCOMMING data stream

2) The receive pins on port 2 of the switch are passively connected to
the OUTGOING data stream

3) The switch forwards both the INCOMMING and OUTGOING traffic to port 3
of the switch allowing you to sniff both directions at the same time.

  - Paul Beltrani

On Mon, 2003-12-01 at 10:21, Peters, Michael D. wrote:
> http://www.snort.org/docs/100Mb_tapping1.pdf is the picture I am
> referencing. I am looking to decipher the exact pin out of the 100Mb copper
> tap. It looks like I would have 4 - RJ45 Ethernet jacks in the tap.
> 
> I guess I am looking for an "Ethernet Tap for Dummies" version that includes
> the wiring pin out for all 4 jacks.
> 
> 
> Best regards,
> 
> Michael D. Peters 
> 
> 
> -----Original Message-----
> From: Frank Knobbe [mailto:frank at ...9761...]
> Sent: Monday, December 01, 2003 10:06 AM
> To: Peters, Michael D.
> Cc: Snort-Users at ...1973... Sourceforge. Net (E-mail)
> Subject: Re: [Snort-users] Passive Tap Help
> 
> 
> On Mon, 2003-12-01 at 07:50, Peters, Michael D. wrote:
> > I have been examining the diagram for the passive tap. I don't really
> > understand and I was hoping someone would clarify the drawing for me?
> 
> I think you are confusing the read-only cables with taps. These cables
> are a cheap-mans tap. Real taps work differently. 
> 
> > Inside the tap is where I think my understanding has broken down. The
> > picture seems to indicate that there is a crossover occurring on the
> actual
> > <CABLE> which I know would not work.
> 
> Work fine for me. Please indicate which cable you are talking about. The
> one in the Snort FAQ uses a feedback to fake a link (and hence can only
> be used on a hub, not a switch). Other cables munge the Send signal with
> capacitors.
> 
> Taps are different. They take the Receive line and feed it into
> electronics, providing amplification, stabilization and an output driver
> stage. In other words, there is electronics behind them, not just some
> cable wizardy.
> 
> Regards,
> Frank
> 
> 
> 
> 
> -------------------------------------------------------
> This SF.net email is sponsored by: SF.net Giveback Program.
> Does SourceForge.net help you be more productive?  Does it
> help you create better code?  SHARE THE LOVE, and help us help
> YOU!  Click Here: http://sourceforge.net/donate/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list