[Snort-users] Passive Tap Help
frank at ...9761...
Mon Dec 1 08:03:03 EST 2003
On Mon, 2003-12-01 at 09:50, Frank Knobbe wrote:
> For reference, pins 1 and 2 are SEND lines from a device point of view
> (and RECEIVE lines into a hub/switch). Pins 3 and 6 are RECEIVE lines
> from a device point of view.
> Both streams are fed from the cable into the hub (on it's RECEIVE
BTW: Keep in mind that you can probably not just tack those "tap" lines
into the other cable with a simple solder joint and run it into a third
cable segment. You will mess up the dynamics of this cable to the point
where you will probably loose data. Taps use electronics to get around
that. Three-forked cable have some interesting dynamic properties.
Reflection and resonance and such are way different and on a single
strand of wire.
So for home made stuff, I suggest one of the two (or three) read-only
cables. In theory they move the hub to the top of the drawing and use a
single munged cable to feed the IDS. The hub with its electronics will
ensure a clean "tap" into the sniffed segment.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 187 bytes
Desc: This is a digitally signed message part
More information about the Snort-users