Full Disclosure mailing list archives
RE: Incident response kit? Really OT, but need some help.
From: Akatosh <akatosh () rains net>
Date: Thu, 7 Aug 2003 18:16:31 -0400 (EDT)
* Small 8-port hub (NOT A SWITCH!). Get a really old one with AUI & coax. * Tx-neutered Cat5 (snip one wire, it's receive-only!)
following your train of thought, a 4 port keystone box with 4 jacks wired up like this is usefull: 1 -----\ <--this port makes some switches act hub-like 2 ---\ | 3 ---+-*------\ 4 - | | 5 - | | 6 ---*-----\ | 7 - | | 8 - | | | | | | rx sniff | | 1---\ | | 2---/ | | <-- put your sniffer here 3 -----*---+--/ 4 - | | 5 - | | 6 ---*-+---/ 7 - | | 8 - | | | | | | LAN | | LAN <--- lan ports 1 and 2, slip between something 1 ---+-*------- 1 | 2 ---*--------- 2 3 ------------- 3 4 - - 4 5 - - 5 6 ------------- 6 7 - - 7 8 - - 8 It doesn't need electricity and if you slip it between something, it's transparent. It sniffs in one direction. Use crossover cords when you hook it up to get the other direction. I also use bed-of-nails test clips to clip on tx or rx pairs instead of slipping the tap box between things if I don't want the link down/up showing up. -- Edward Fahner [aka. Akatosh .CU.Au, akatosh () rains net] DC2.DwGmL--WT--SksCre+\Cvi+BflA(+r-v+++)NaM++H++$FoR+Ac+++!J+S+U-I--#V+++Q+Tc++E-- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Incident response kit? Really OT, but need some help. Alan Kloster (Aug 07)
- RE: Incident response kit? Really OT, but need some help. Rob Adams (Aug 07)
- RE: Incident response kit? Really OT, but need some help. Akatosh (Aug 07)
- <Possible follow-ups>
- RE: Incident response kit? Really OT, but need some help. Doug Harold (Aug 07)
- RE: Incident response kit? Really OT, but need some help. Rob Adams (Aug 07)