OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Been There (bofhhotmail.com)
Date: Fri Apr 26 2002 - 18:27:21 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    First we tried following Sam Ng's instructions at:

    http://personal.ie.cuhk.edu.hk/~msng0/sniffing_cable/index.htm

    We had NO success with this on a 100mb/s link. There are a few
    possibilities why: 1) gross incompetence on our part, 2) The 100mb/s version
    of the cable was not tested by the author and doesn't actually work, or 3)
    my capacitor was in backwards.

    It's been a while since high school but I recall that capacitors have a
    polarity. Can anyone comment on which direction the capacitor should face
    (please don't say "North")? Also, do I have my units right that the
    capacitor specified by the author saying, "C = 15p (f)" actually translates
    to a Radio Shack 15uF 35WVDC Axial lead electrolytic capacitor? Egads, it's
    not supposed to be 15 pico-farads is it?

    So we gave up on Mr. Ng's method. Bummer.

    Next, we tried the UTP Y-Cable specified by Joe Lyman at:

    http://www.theadamsfamily.net/~erek/snort/ro_cable_and_hubs.txt

    THIS worked great! It sure looks funny but it does the trick. However,
    some of our IDS sensors will be on hubs and some of them will be on a switch
    port (configured for monitoring). I don't think Mr. Lyman's trick will work
    on a switch.

    We haven't tried the cable specified in the Snort FAQ. It's meant towards a
    hub only.

    Any other ideas? I realize this has come up before but from the archives I
    don't see any obvious solutions.

    Thanks,
    Bofh

    _________________________________________________________________
    Join the world’s largest e-mail service with MSN Hotmail.
    http://www.hotmail.com

    ---------------------------------------------------------------------
    To unsubscribe, e-mail: honeypots-unsubscribesecurityfocus.com
    For additional commands, e-mail: honeypots-helpsecurityfocus.com
    ---------------------------------------------------------------------
    This list is provided by the SecurityFocus Security Intelligence Alert
    (SIA) Service. For more information on SecurityFocus' SIA service
    which automatically alerts you to the latest security vulnerabilities.
    Please, see: https://alerts.securityfocus.com/