Re: [PEN-TEST] Datacenter Wiring

[Frank Knobbe <FKnobbe () KNOBBEITS COM>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I've been using a 'special' (well, self crimped) cable that snoops,
but does not leak. I've come across one network where it didn't work
(probably hub/switch type issue), but worked every else (I haven't
tested that many sites, though). Here is my pinout:

LAN       Sniffer
1 -----\    /-- 1
2 ---\ |    \-- 2
3 ---+-*------- 3
4 -  |        - 4
5 -  |        - 5
6 ---*--------  6
7 -           - 7
8 -           - 8

Basically, 1 and 2 on the sniffer side are connected, 3 and 6
straight through to the LAN. 1 and 2 on the LAN side connect to 3 and
6 respectively. This fakes a link on both ends but only allows
traffic from the LAN to the sniffer. My NIC is a 3Com 10/100 PCCard,
your mileage may vary.

There might be a problem with feedback on certain hubs/switches, but
most should recognize their own MAC address and discard the packets.

Regards,
Frank


> -----Original Message-----
> From: Andre Delafontaine [mailto:andre.delafontaine () ECHOSTAR COM]
> Sent: Friday, October 20, 2000 12:31 PM
> To: PEN-TEST () SECURITYFOCUS COM
> Subject: Re: [PEN-TEST] Datacenter Wiring
>
>
> JLJ wrote:
> > The attached snooping device doesn't need to talk, only
> listen.  If it can
> > be quiet, it need not reveal its MAC address, and hence not
> reveal its
> > presence on the line.  I have read that old style AUI cards
> have a separate
> > "transmit" pair that can be clipped...I am sure that a
> suitable device could
> > be constructed, including wireless LAN equipment with me on
> the receiving
> > end a few buildings away.
>
>
> I had a talk with Marcus Ranum a while back on this exact topic
> with NICs using TP.
>
> My proposed method was to cut one of the sending wires, although
> this only works with NICs that don't require a link on the send
> side, although one could hook up the send wires to a different,
> unused hub just to create a link signal.
>
> His method was to insert a diode (the right way, whichever
> way that is)
> in one of the send wires so that the NIC still sees link but
> isn't able
> to send anything.
>
> I'm trying to find some time to try this out and I'm more than
> interested in getting feedback on other people's experiences, in
> particular what happens on 100BT cards.
>
>
> Andre
> --
>              andre.delafontaine at echostar.com
>
>   F20 DSS: BD75 66D9 5B2C 66CE 9158  BB27 B199 59CE D117 4E9F
>    F16 RSA: F8 04 FE 50 02 B5 03 02  F6 87 C7 8D F9 2E B8 58

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.1
Comment: PGP or S/MIME encrypted email preferred.

iQA/AwUBOfCSB0RKym0LjhFcEQLNMQCg1yeZ0i3z41IMTGtw4KWy84JalNwAoKJp
SOmVMq99fDWMrHy7z86wOjFo
=fJky
-----END PGP SIGNATURE-----