OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Karma (stevefrij.com.au)
Date: Sat Apr 27 2002 - 19:03:02 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    >
    > First we tried following Sam Ng's instructions at:
    >
    > http://personal.ie.cuhk.edu.hk/~msng0/sniffing_cable/index.htm
    >
    > We had NO success with this on a 100mb/s link. There are a few
    > possibilities why: 1) gross incompetence on our part, 2) The 100mb/s
    version
    > of the cable was not tested by the author and doesn't actually work, or 3)
    > my capacitor was in backwards.
    >
    > It's been a while since high school but I recall that capacitors have a
    > polarity. Can anyone comment on which direction the capacitor should face
    > (please don't say "North")? Also, do I have my units right that the
    > capacitor specified by the author saying, "C = 15p (f)" actually
    translates
    > to a Radio Shack 15uF 35WVDC Axial lead electrolytic capacitor? Egads,
    it's
    > not supposed to be 15 pico-farads is it?
    >
    > So we gave up on Mr. Ng's method. Bummer.

    Those are definitely picofarads range, which has no polarity. It is a high
    pass filter working in the MHz range, an electrolytic capacitor simply has
    no time to cause the eletrolysis. Use Mica caps, and no they have no
    polarity.

    > Next, we tried the UTP Y-Cable specified by Joe Lyman at:
    >
    > http://www.theadamsfamily.net/~erek/snort/ro_cable_and_hubs.txt
    >
    > THIS worked great! It sure looks funny but it does the trick. However,
    > some of our IDS sensors will be on hubs and some of them will be on a
    switch
    > port (configured for monitoring). I don't think Mr. Lyman's trick will
    work
    > on a switch.
    >
    > We haven't tried the cable specified in the Snort FAQ. It's meant towards
    a
    > hub only.
    >
    > Any other ideas? I realize this has come up before but from the archives
    I
    > don't see any obvious solutions.
    >
    > Thanks,
    > Bofh
    >
    >

    I dont really know what you're trying to do, I do apologise, but from your
    mail, it seems you are trying to capture packets without them knowing there
    is a life "listener" is that right ?

    ---------------------------------------------------------------------
    To unsubscribe, e-mail: honeypots-unsubscribesecurityfocus.com
    For additional commands, e-mail: honeypots-helpsecurityfocus.com
    ---------------------------------------------------------------------
    This list is provided by the SecurityFocus Security Intelligence Alert
    (SIA) Service. For more information on SecurityFocus' SIA service
    which automatically alerts you to the latest security vulnerabilities.
    Please, see: https://alerts.securityfocus.com/