Penetration Testing mailing list archives
Re: [PEN-TEST] Datacenter Wiring
From: Frank Knobbe <FKnobbe () KNOBBEITS COM>
Date: Fri, 20 Oct 2000 13:42:15 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've been using a 'special' (well, self crimped) cable that snoops, but does not leak. I've come across one network where it didn't work (probably hub/switch type issue), but worked every else (I haven't tested that many sites, though). Here is my pinout: LAN Sniffer 1 -----\ /-- 1 2 ---\ | \-- 2 3 ---+-*------- 3 4 - | - 4 5 - | - 5 6 ---*-------- 6 7 - - 7 8 - - 8 Basically, 1 and 2 on the sniffer side are connected, 3 and 6 straight through to the LAN. 1 and 2 on the LAN side connect to 3 and 6 respectively. This fakes a link on both ends but only allows traffic from the LAN to the sniffer. My NIC is a 3Com 10/100 PCCard, your mileage may vary. There might be a problem with feedback on certain hubs/switches, but most should recognize their own MAC address and discard the packets. Regards, Frank
-----Original Message----- From: Andre Delafontaine [mailto:andre.delafontaine () ECHOSTAR COM] Sent: Friday, October 20, 2000 12:31 PM To: PEN-TEST () SECURITYFOCUS COM Subject: Re: [PEN-TEST] Datacenter Wiring JLJ wrote:The attached snooping device doesn't need to talk, onlylisten. If it canbe quiet, it need not reveal its MAC address, and hence notreveal itspresence on the line. I have read that old style AUI cardshave a separate"transmit" pair that can be clipped...I am sure that asuitable device couldbe constructed, including wireless LAN equipment with me onthe receivingend a few buildings away.I had a talk with Marcus Ranum a while back on this exact topic with NICs using TP. My proposed method was to cut one of the sending wires, although this only works with NICs that don't require a link on the send side, although one could hook up the send wires to a different, unused hub just to create a link signal. His method was to insert a diode (the right way, whichever way that is) in one of the send wires so that the NIC still sees link but isn't able to send anything. I'm trying to find some time to try this out and I'm more than interested in getting feedback on other people's experiences, in particular what happens on 100BT cards. Andre -- andre.delafontaine at echostar.com F20 DSS: BD75 66D9 5B2C 66CE 9158 BB27 B199 59CE D117 4E9F F16 RSA: F8 04 FE 50 02 B5 03 02 F6 87 C7 8D F9 2E B8 58
-----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.1 Comment: PGP or S/MIME encrypted email preferred. iQA/AwUBOfCSB0RKym0LjhFcEQLNMQCg1yeZ0i3z41IMTGtw4KWy84JalNwAoKJp SOmVMq99fDWMrHy7z86wOjFo =fJky -----END PGP SIGNATURE-----
Current thread:
- Re: [PEN-TEST] Datacenter Wiring Tim (Oct 19)
- Re: [PEN-TEST] Datacenter Wiring Charlie Rhodes (Oct 19)
- <Possible follow-ups>
- Re: [PEN-TEST] Datacenter Wiring Thomas Hayward (Oct 20)
- Re: [PEN-TEST] Datacenter Wiring Frank Knobbe (Oct 20)
- Re: [PEN-TEST] Datacenter Wiring Frank Knobbe (Oct 20)
- Re: [PEN-TEST] Datacenter Wiring Meritt, Jim (Oct 20)
- Re: [PEN-TEST] Datacenter Wiring Stiles, Robert (Oct 24)
- Re: [PEN-TEST] Datacenter Wiring Carskadden, Rush (Oct 24)
- Re: [PEN-TEST] Datacenter Wiring John Brand (Oct 25)
- Re: [PEN-TEST] Datacenter Wiring Rebecca Kastl (Oct 25)