Re: Re: in-line coax monitoring device

[Michael Holstein <michael.holstein () csuohio edu>]

> Except that you need a cable modem that's set up to put go into promiscuous mode, and not transmit anything.  I believe 
> this may be doable with SNMP, but you would have to know the community strings used by the ISP.

The SNMP strings are easily had -- they're in your DOCSIS config file 
that gets TFTP'd from the headend to your HFC. It's still easier to just 
load your own using the TFTP spoofing method (assuming your modem is old 
enough) described here :

http://www.wi2600.org/pipermail/2600/2001-October/008668.html

> The modems the ISPs ship only pass inward traffic destined for their own addresses.  I'm not sure if they announce their presence, if the computer behind them is silent - that might take some tweaking also.  What Alex described looked more like a passive tap, that won't emit any signals.  

You could accomplish this by tinkering with the config file to set the 
transmit channel to some useless value, and the transmit power to 
maximum attenuation (both are configurable parameters in the DOCSIS 
config file).

I don't think that you can adjust the receive channel width .. meaning 
you'd have to scan them (much like you must do with 802.11 a/b/g).

You could also get a Cisco uBR card/router and bridge the interfaces to 
ethernet. A quick eBay search turns up 38 instances of "cisco ubr".

~Mike.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/