RE: Passive Tap Help

[Frank Knobbe <frank () knobbe us>]

On Mon, 2003-12-01 at 09:21, Peters, Michael D. wrote:
> http://www.snort.org/docs/100Mb_tapping1.pdf is the picture I am
> referencing. I am looking to decipher the exact pin out of the 100Mb copper
> tap. It looks like I would have 4 - RJ45 Ethernet jacks in the tap.
>
> I guess I am looking for an "Ethernet Tap for Dummies" version that includes
> the wiring pin out for all 4 jacks.

I see. This should be wired like this (theoreticall, I haven't tried this particular wiring):

1 ---*----------- 1
2 ---|-*--------- 2
3 ---|-|---*----- 3
4 ---|-|---|----- 4
5 ---|-|---|----- 5
6 ---|-|---|-*--- 6
7 ---|-|---|-|--- 7
8 ---|-|---|-|--- 8
     | |   | | 
     | |   | |
     1 2   1 2

The pins on the hub appear not to be used. Most likely the hub won't
show a link. (That's the reason my cable loops pin 1 and 2, to fake a
link).

For reference, pins 1 and 2 are SEND lines from a device point of view
(and RECEIVE lines into a hub/switch). Pins 3 and 6 are RECEIVE lines
from a device point of view. 

Both streams are fed from the cable into the hub (on it's RECEIVE
lines). Keep in mind that if you monitor a full-duplex connection you
will encounter packet loss due to collisions. You either need to force
half-duplex on your monitored connection, or use some switch that can
guarantee buffering and reassembly of the packets.

Enjoy,
Frank

Attachment: signature.asc
Description: This is a digitally signed message part