Snort mailing list archives

Receive only success/questions


From: w <sibertron () sibertron org>
Date: Thu, 6 Sep 2001 21:23:19 -0500 (CDT)

Hi,

I built receive only cables based on the following methods:

Method 1:
  http://personal.ie.cuhk.edu.hk/~msng0/sniffing_cable/index.htm

Method 2:
LAN.......Sniffer
1.-----\..../--.1
2.---\.|....\--.2
3.---+-*-------.3
4.-..|........-.4
5.-..|........-.5
6.---*---------.6
7.-...........-.7
8.-...........-.8

(Found in FAQ, as well as on the list).

Hardware:
3Com TP4 10 MB HUB
2 Toolless IDC Keystone Jacks (Frys sucks)
1 150pF capacitor (Frys still sucks)
3 Cat 5 cables

Result:
I had success with both methods.  Method 1, of course, is simpler
to build.  I did notice that a "few" packets managed to sneak by
although the error rate was well over 85%.
For the absolutist, Method 2 is probably the way to go.  I tested
both methods (to a limited extent) with snort, iptraf and ethereal.

Question:

For Method 2, the 3Com hub I used placed the connected port in
a partitioned/isolated state.  This did not seem to affect the
port's ability to receive data.  I'm wondering if anyone knows
whether this will pose any potential problems (i.e., spontaneous
disconnects for any other devices connected to the same hub...uhhh,
if that makes any sense... :-).

Thanks,

W

-- 
    w () sibertron org

