Re: Passive Tap Help

[Jeff Nathan <jeff () snort org>]

counter.spy () gmx de once sent this to me... it might help you out.

(Attached)

-Jeff

On Dec 1, 2003, at 11:17 AM, kenw () kmsi net wrote:

> On Mon, 1 Dec 2003 10:21:53 -0500, you wrote:
>
> > http://www.snort.org/docs/100Mb_tapping1.pdf is the picture I am
> > referencing. I am looking to decipher the exact pin out of the 100Mb 
> > copper
> > tap. It looks like I would have 4 - RJ45 Ethernet jacks in the tap.
>
> Yup.
>
> > I guess I am looking for an "Ethernet Tap for Dummies" version that 
> > includes
> > the wiring pin out for all 4 jacks.
> >
> > Best regards,
> > Michael D. Peters
>
> That diagram is interesting.  Essentially, what it does is take both 
> sides
> of a Cat 5 cable and feed them into separate RX lines on two ports of a
> switch, and then use the switch's spanned port to "see" them both at 
> once.
>
> Pin numbers on it could have helped, but you can look at any Ethernet 
> RJ45
> pinout diagram for them.  I recommend it for educational value.  Just
> remember to match polarities.
>
> Note that the "copper tap" may appear to constitute a crossover 
> connection
> on the full duplex lines, but it doesn't.  TX stays TX, RX stays RX.  
> The
> crossover occurs when one FDX TX line goes the a switch's RX lines.
>
> You could even build a box with no crossovers at all, and use a 
> crossover
> cable on one of the switch ports.
>
> So far as I can see, this is a lot of trouble and expense (low-cost
> switches with port spannning are rare) to go to when you could do 
> nearly
> all of it with a cheap hub.  The tap's claim to fame is that it passes 
> full
> duplex while monitoring both ways, by funneling two Ethernet lines into
> one; it relies on the spanned port's buffering to avoid dropping 
> packets.
> A hub would accomplish the same net result by disabling full-duplex on 
> the
> tapped line, but that's usually a minor issue, very unlikely to be 
> noticed
> on all but the busiest links.
>
> /kenw
>
> Ken Wallewein CDP,CNE,MCSE,CCA,CCNA
> K&M Systems Integration
> Phone (403)274-7848
> Fax   (403)275-4535
> kenw () kmsi net
> www.kmsi.net
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: SF.net Giveback Program.
> Does SourceForge.net help you be more productive?  Does it
> help you create better code?  SHARE THE LOVE, and help us help
> YOU!  Click Here: http://sourceforge.net/donate/
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

--
http://cerberus.sourcefire.com/~jeff       (gpg/pgp key id 6923D3FD)
"Problems cannot be solved at the same level of awareness that
created them."   - Albert Einstein

Attachment: PGP.sig
Description: This is a digitally signed message part