Tag: ethernet tap

Maintenance: 4/11/2008

Posted by – April 13, 2008

Upgrades

These are the packages that would be merged, in order:

Calculating world dependencies.  ... done!
[ebuild     U ] sys-devel/m4-1.4.10-r3 [1.4.10-r1] USE="nls -examples" 0 kB
[ebuild     U ] net-misc/openssh-4.7_p1-r6 [4.7_p1-r5] USE="pam tcpd -X -X509 -chroot -hpn -kerberos -ldap -libedit (-selinux) -skey -smartcard -static" 0 kB

Total: 2 packages (2 upgrades), Size of downloads: 0 kB

Physical Changes
Removed the Ethernet tap and will set it aside for now. There proved to be no foreign IP addresses crossing the cable modem visible to the router. Since the Cable Internet network is supposed to be shared with your local neighborhood, I assume the cable modem is doing some simple address filtering. I saw plenty of ARP/broadcast traffic but nothing more interesting than that. I’m considering buying a second wireless router and setting up a honeynet. However, I think it wouldn’t be so smart attracting people sitting outside my house.

Maintenance: 3/17/2008

Posted by – March 18, 2008

Upgrades

These are the packages that would be merged, in order:

Calculating world dependencies     ... done!
[ebuild     U ] sys-apps/man-pages-2.78 [2.76] USE="nls" LINGUAS="-cs% -da% -de% -es% -fr% -it% -ja% -nl% -pl% -ro% -ru% -zh_CN%" 0 kB
[ebuild     U ] sys-libs/com_err-1.40.6 [1.40.4] USE="nls" 3,977 kB
[ebuild     U ] sys-libs/ss-1.40.6 [1.40.4] USE="nls" 0 kB
[ebuild     U ] sys-fs/e2fsprogs-1.40.6 [1.40.4] USE="nls -static" 0 kB
[ebuild  NS   ] sys-kernel/gentoo-sources-2.6.24-r3  USE="-build -symlink" 82 kB

Total: 5 packages (4 upgrades, 1 in new slot), Size of downloads: 4,058 kB

Misc.

The Ethernet tap is installed and operational. I’m deciding whether to install Snort.

Pictures

Posted by – March 14, 2008

Hooray! The Ethernet tap is finally complete.

[Image: Ethernet tap three-quarter view]

The tap in all of its glory.

[Image: Ethernet tap warning]

I originally wanted to install a fake switch next to this warning but I gave up on it, just so it would be finished and I could start using it.

[Image: Ethernet tap wiring]

Only four wires are really important so that’s why I didn’t bother with unnecessary copper. The diagram is rather difficult to read, but I made it work anyway.

All Your Data Are Belong To Me

Posted by – March 13, 2008

The Ethernet tap is all complete. I used a 5″x2.5″x2″ project box from Radio Shack and cut the holes in it with a box cutter. Filed down the rough edges so the keystone jacks fit firmly in their holes, then a little super glue to hold everything in place. Just for some superfluous decoration I’m gonna put an unconnected switch in the box and a sticker that reads “Warning: Turning off power or pressing Reset switch could lose contents of hard drive. If you must restart this system, please get help or use Ctrl-Alt-Del…” :P hehe

Here’s the parts list for everything I’ve bought so far

1 RadioShack Project Box	3.69
4 RJ45 Keystone jacks		18.24
1 Economy UTP Stripper		4.49
2 Linksys LNE100TX NICs		39.98
  Discarded Ethernet cable	1.00
1 RJ45 crimper			64.05
8 RJ45 jacks 0.40 each		3.20

Total				134.65

All of the above I bought locally from Radio Shack, OfficeMax, and Randolph-Hale Electronics. I’ve already tested the wiring in the tap and I know I can get traffic to go across it but I haven’t yet dared try to sniff with it. Until now I haven’t had a solid frame to prevent unnecessary stress or bending on the wires.

Maintenance: 3/17/2008

Posted by – March 11, 2008

Upgrades

These are the packages that would be merged, in order: 

Calculating world dependencies  .  ... done!

[ebuild     U ] app-misc/pax-utils-0.1.17 [0.1.16] USE="-caps" 0 kB
[ebuild     U ] sys-apps/which-2.19 [2.16] 0 kB
[ebuild  NS   ] sys-libs/db-4.3.29-r2  USE="-bootstrap -doc -java -nocxx -tcl -test" 0 kB
[ebuild     U ] dev-lang/python-2.4.4-r9 [2.4.4-r6] USE="berkdb gdbm ncurses readline ssl -bootstrap -build -doc -examples -ipv6 -nocxx -nothreads -tk -ucs2" 0 kB

Total: 4 packages (3 upgrades, 1 in new slot), Size of downloads: 0 kB

Physical Changes
In preparation for getting my Ethernet tap wired up I bought two more NICs and installed them. The server now has three total. I made sure I bought the Linksys LNE100TX model so that all three cards use the tulip driver.

crimp

Posted by – March 10, 2008

I taught myself how to terminate Ethernet recently. The crimper and RJ45 jacks I bought from Randolph-Hale Electronics. So far I’ve only had one failed cable after making several. I thought I was going to need a cable tester but now it seems I can do without it.

Then, on Friday, I decided that I was going to build an Ethernet Tap.

ethernet tap

An Ethernet tap is a series of four RJ45 keystone jacks that are wired up to intercept all traffic that passes through it. The two jacks in the middle will each see half of a full-duplex connection. Obviously, two NICs are required to listen to both sides of the connection but I can try merging the separate capture files later. After getting this device built the next step will be reconfiguring the network topology in the office. Right now the router and server sit on opposite sides of the room but if the router and switch flip flop it might work.
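
The merge of the two per-direction capture files mentioned above, as an added example that is not code from the original post. It assumes classic libpcap-format files with microsecond timestamps and Ethernet link type; the function names, MAC addresses and sample frames are constructed for illustration.

```python
import heapq
import struct

PCAP_MAGIC = 0xA1B2C3D4                    # classic pcap, microsecond timestamps
GLOBAL_HDR = struct.Struct("<IHHiIII")     # magic, version, zone, sigfigs, snaplen, linktype

def build_pcap(records):
    """Serialise (ts_sec, ts_usec, frame) tuples as a little-endian pcap file."""
    out = [GLOBAL_HDR.pack(PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)]   # linktype 1 = Ethernet
    for sec, usec, frame in records:
        out.append(struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame)
    return b"".join(out)

def read_pcap(data):
    """Yield (ts_sec, ts_usec, frame) from pcap bytes written in either byte order."""
    magic = struct.unpack_from("<I", data)[0]
    endian = {PCAP_MAGIC: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic microsecond-resolution pcap file")
    rec = struct.Struct(endian + "IIII")
    offset = GLOBAL_HDR.size
    while offset + rec.size <= len(data):
        sec, usec, caplen, _origlen = rec.unpack_from(data, offset)
        offset += rec.size
        frame = data[offset:offset + caplen]
        if len(frame) < caplen:
            break                          # truncated last record: capture cut off mid-write
        offset += caplen
        yield sec, usec, frame

def merge_captures(side_a, side_b):
    """Interleave two single-direction captures into one pcap ordered by timestamp."""
    ordered = heapq.merge(read_pcap(side_a), read_pcap(side_b), key=lambda r: r[:2])
    return build_pcap(ordered)

# Constructed sample input: one capture per monitor jack, i.e. one per direction.
HOST, ROUTER = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")

def eth_frame(dst, src, payload):
    return dst + src + b"\x08\x00" + payload   # dst MAC, src MAC, EtherType, payload

SIDE_A = build_pcap([(100, 10, eth_frame(ROUTER, HOST, b"req1")),
                     (100, 900, eth_frame(ROUTER, HOST, b"req2"))])
SIDE_B = build_pcap([(100, 500, eth_frame(HOST, ROUTER, b"resp1")),
                     (101, 0, eth_frame(HOST, ROUTER, b"resp2"))])
```

The interleaving is only as good as the timestamps: it relies on both monitor NICs sitting in the same host so that one clock stamps both captures.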