Windows Intrusion Detection System - Companion Add-On Tutorial
Construction and Use of a Passive Ethernet Tap
Written by: Michael Peters - 2003
Introduction
This is a simple, step-by-step tutorial for building a passive Ethernet tap and deploying it on an existing network.
- A single 4-port Ethernet housing such as the Versatap AT44 Surface Jack Housing from Allen Tel Products
- 4 Category 5e modular snap-in jacks such as the AT55 Category 5e Modular Snap-In Jacks from Allen Tel Products
- A small section, about 6 inches, of Category 5e cable
Construction
Figure 1 represents the AT55 Category 5e jack. The wire termination pin positions and associated wire color codes are also shown.
Figure 1: AT55 Category 5e Jack
This diagram is usually included with new Category 5e jacks from any other vendor.
Disassemble the section of Category 5e wire that you have into eight separate wires. These wires should have the same color codes as in Figure 1.
The next step should be to partially assemble the Ethernet housing with the four jacks. These should snap into position easily. Once mounted, begin wiring the first jack position using the solid orange wire. Use the next diagram as a guide. The wires can be inserted with a small screwdriver or some other small flat tool.
Once you have terminated all eight wires, trim off any excess wire that remains. Snap the housing closed, and you should now have a completed passive Ethernet tap (see Figure 2).
Figure 2: Passive Ethernet Tap
Instructions for Use
Place the passive Ethernet tap inline between a host machine and the Ethernet switch using the two outside positions labeled "HOST". Verify that the link status indicators on your host Ethernet interface and the Ethernet switch show that the link is up again. You may now connect the Ethernet port of your sniffer or IDS sensor to the Tap A and/or Tap B connectors of the passive Ethernet tap.
Keep in mind that on a full-duplex Ethernet connection, Tap A will show only one half of the traffic (one direction) and Tap B will show the other half. You will need two Ethernet interfaces on the sniffer to examine both halves of the full-duplex signal. If you use Sun Trunking software, the traffic can be reassembled. See sun.com for information on Sun Trunking software.
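An added example, not part of the original tutorial: if each tap port is captured to its own classic pcap file, the two halves can be recombined offline by merging the records on timestamp. It assumes both captures were taken on the same host so the timestamps share one clock; the function names and sample frames are constructed for illustration.

```python
import heapq
import io
import struct

PCAP_HDR = struct.Struct("<IHHiIII")  # classic pcap global header, little-endian
REC_HDR = struct.Struct("<IIII")      # ts_sec, ts_usec, incl_len, orig_len
MAGIC = 0xA1B2C3D4                    # microsecond-resolution pcap
ETHERNET = 1                          # pcap link type for Ethernet frames

def read_pcap(stream, tap):
    """Yield (ts_sec, ts_usec, tap, orig_len, frame) for each captured frame."""
    header = stream.read(PCAP_HDR.size)
    if len(header) < PCAP_HDR.size or PCAP_HDR.unpack(header)[0] != MAGIC:
        raise ValueError(f"tap {tap}: not a little-endian classic pcap file")
    while True:
        rec = stream.read(REC_HDR.size)
        if len(rec) < REC_HDR.size:
            return  # clean end of file or truncated record header
        sec, usec, incl, orig = REC_HDR.unpack(rec)
        frame = stream.read(incl)
        if len(frame) < incl:
            return  # capture was cut off mid-frame; drop the partial record
        yield sec, usec, tap, orig, frame

def merge_taps(tap_a, tap_b, out):
    """Write one time-ordered pcap to `out`; return the tap label of each frame."""
    out.write(PCAP_HDR.pack(MAGIC, 2, 4, 0, 0, 65535, ETHERNET))
    order = []
    # Each capture is already in time order, so a two-way merge is enough.
    for sec, usec, tap, orig, frame in heapq.merge(read_pcap(tap_a, "A"),
                                                   read_pcap(tap_b, "B")):
        out.write(REC_HDR.pack(sec, usec, len(frame), orig) + frame)
        order.append(tap)
    return order

def make_pcap(records):
    """Build a constructed in-memory capture from (sec, usec, frame) tuples."""
    buf = io.BytesIO()
    buf.write(PCAP_HDR.pack(MAGIC, 2, 4, 0, 0, 65535, ETHERNET))
    for sec, usec, frame in records:
        buf.write(REC_HDR.pack(sec, usec, len(frame), len(frame)) + frame)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    # Constructed sample frames: Tap A carries one direction, Tap B the other.
    a = make_pcap([(1, 100, b"\x00" * 60), (1, 300, b"\x01" * 60)])
    b = make_pcap([(1, 200, b"\x02" * 60), (2, 0, b"\x03" * 60)])
    print(merge_taps(a, b, io.BytesIO()))
```

The merged file can be opened by any tool that reads classic pcap, so the sensor sees both directions of a conversation in one stream.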
Michael E. Steele | Microsoft Certified System Engineer (MCSE)
Snort: Open Source Network IDS - www.snort.org