[Snort-users] Passive Tap Help
echo at ...9803...
Mon Dec 1 07:55:05 EST 2003
I agree that the lines crossing over within the tab block are
confusing. I believe the key here is to note the labels on the
i.e. "From Tx" on the outside -> "To Rx" on the inside is "Incomming
traffic". The other path represents "Outgoing traffic".
The way I would describe this:
0) Number the ports on the switch in the diagram 1 - 3 from left to
1) The receive pins on port 1 of the switch are passively connected to
the INCOMMING data stream
2) The receive pins on port 2 of the switch are passively connected to
the OUTGOING data stream
3) The switch forwards both the INCOMMING and OUTGOING traffic to port 3
of the switch allowing you to sniff both directions at the same time.
- Paul Beltrani
On Mon, 2003-12-01 at 10:21, Peters, Michael D. wrote:
> http://www.snort.org/docs/100Mb_tapping1.pdf is the picture I am
> referencing. I am looking to decipher the exact pin out of the 100Mb copper
> tap. It looks like I would have 4 - RJ45 Ethernet jacks in the tap.
> I guess I am looking for an "Ethernet Tap for Dummies" version that includes
> the wiring pin out for all 4 jacks.
> Best regards,
> Michael D. Peters
> -----Original Message-----
> From: Frank Knobbe [mailto:frank at ...9761...]
> Sent: Monday, December 01, 2003 10:06 AM
> To: Peters, Michael D.
> Cc: Snort-Users at ...1973... Sourceforge. Net (E-mail)
> Subject: Re: [Snort-users] Passive Tap Help
> On Mon, 2003-12-01 at 07:50, Peters, Michael D. wrote:
> > I have been examining the diagram for the passive tap. I don't really
> > understand and I was hoping someone would clarify the drawing for me?
> I think you are confusing the read-only cables with taps. These cables
> are a cheap-mans tap. Real taps work differently.
> > Inside the tap is where I think my understanding has broken down. The
> > picture seems to indicate that there is a crossover occurring on the
> > <CABLE> which I know would not work.
> Work fine for me. Please indicate which cable you are talking about. The
> one in the Snort FAQ uses a feedback to fake a link (and hence can only
> be used on a hub, not a switch). Other cables munge the Send signal with
> Taps are different. They take the Receive line and feed it into
> electronics, providing amplification, stabilization and an output driver
> stage. In other words, there is electronics behind them, not just some
> cable wizardy.
> This SF.net email is sponsored by: SF.net Giveback Program.
> Does SourceForge.net help you be more productive? Does it
> help you create better code? SHARE THE LOVE, and help us help
> YOU! Click Here: http://sourceforge.net/donate/
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
More information about the Snort-users