
How to Create and Install a Passive Ethernet Tap


Windows Intrusion Detection System - Companion Add-On Tutorial


Construction and Use of a Passive Ethernet Tap

Written by: Michael Peters - 2003



Introduction

This is an easy-to-follow, step-by-step tutorial for building a passive Ethernet tap and deploying it on an existing network.

Hardware Requirements

  • A single 4-port Ethernet housing such as the Versatap AT44 Surface Jack Housing from Allen Tel Products
  • 4 Category 5e modular snap-in jacks such as the AT55 Category 5e Modular Snap-In Jacks from Allen Tel Products
  • A small section, about 6 inches, of Category 5e cable

Construction

Figure 1 represents the AT55 Category 5e jack. The wire termination pin positions and associated wire color codes are also shown.


Figure 1: AT55 Category 5e Jack


This diagram is usually included with new Category 5e jacks from any other vendor.

Separate the section of Category 5e cable into its eight individual wires. These wires should have the same color codes as in Figure 1.

Next, partially assemble the Ethernet housing with the four jacks. These should snap into position easily. Once they are mounted, begin wiring the first jack position using the solid orange wire. Use the next diagram as a guide. The wires can be inserted with a small screwdriver or some other small flat tool.

Once you have terminated all eight wires, trim off any excess wire that remains. Snap the housing closed, and you should now have a completed passive Ethernet tap (see Figure 2).


Figure 2: Passive Ethernet Tap


Instructions for Use

Place the passive Ethernet tap inline between a host machine and the Ethernet switch using the two outside positions labeled "HOST". Verify that the link status indicators on your host Ethernet interface and on the Ethernet switch show that the link is up again. You may now connect the Ethernet port of your sniffer or IDS sensor to the Tap A and/or Tap B connectors of the passive Ethernet tap.

Keep in mind that on a full-duplex Ethernet connection, Tap A will show only one half of the traffic (one direction) and Tap B will show the remaining traffic. You will need two Ethernet interfaces to examine both halves of the full-duplex signal. If you use Sun Trunking software, the traffic can be reassembled. See sun.com for information on Sun Trunking software.
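The following is an added example, not part of the original tutorial: one way to recombine the two halves offline when each tap port is captured on its own interface. It assumes both captures were saved in classic pcap format with microsecond timestamps on the same sensor host (one clock); the function names and sample data are constructed for illustration.

```python
import heapq
import struct

PCAP_MAGIC = 0xA1B2C3D4      # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1


def read_pcap(data):
    """Yield (ts_sec, ts_usec, orig_len, frame) per record of a classic pcap blob."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    if struct.unpack("<I", data[:4])[0] == PCAP_MAGIC:
        endian = "<"
    elif struct.unpack(">I", data[:4])[0] == PCAP_MAGIC:
        endian = ">"
    else:
        raise ValueError("not a microsecond-resolution classic pcap capture")
    offset = 24
    while offset + 16 <= len(data):
        sec, usec, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[offset:offset + 16])
        frame = data[offset + 16:offset + 16 + incl_len]
        if len(frame) < incl_len:
            break  # capture cut off mid-record: keep only complete frames
        offset += 16 + incl_len
        yield sec, usec, orig_len, frame


def write_pcap(records, snaplen=65535):
    """Serialise records as a little-endian classic pcap capture."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)]
    for sec, usec, orig_len, frame in records:
        out.append(struct.pack("<IIII", sec, usec, len(frame), orig_len))
        out.append(frame)
    return b"".join(out)


def merge_tap_captures(tap_a, tap_b):
    """Interleave the two one-direction captures into one time-ordered pcap."""
    # Assumes one shared capture clock and that each input is already time-ordered.
    both = heapq.merge(read_pcap(tap_a), read_pcap(tap_b),
                       key=lambda rec: rec[:2])
    return write_pcap(both)


# Constructed sample input: placeholder 60-byte payloads, not real frames.
TAP_A = write_pcap([(100, 10, 60, b"\x01" * 60), (100, 500, 60, b"\x03" * 60)])
TAP_B = write_pcap([(100, 200, 60, b"\x02" * 60), (101, 0, 60, b"\x04" * 60)])
MERGED = merge_tap_captures(TAP_A, TAP_B)
```

If the two interfaces are captured on different machines, the clocks must be synchronised first, otherwise requests and replies can appear out of order in the merged file.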

Optional Companion Documents

Be SURE to check out the available 'Companion Add-on Documents' to enhance the Windows Intrusion Detection System (WinIDS) experience.

Updating the Windows Intrusion Detection Systems (WinIDS) Major components


General tutorial issues

For general problems with this tutorial, left-click the community support button at the top of this tutorial, or manually navigate to the community support forum for this tutorial.

Michael E. Steele | Microsoft Certified System Engineer (MCSE)
Email Support: support@winsnort.com
Snort: Open Source Network IDS - www.snort.org