Windows Intrusion Detection System - Companion Add-On Tutorial
Construction and Use of a Passive Ethernet Tap
Written by: Michael Peters - 2003
Introduction
This tutorial is a simple-to-understand, step-by-step guide to building a passive Ethernet tap and deploying it on an existing network.
Hardware Requirements
- A single 4-port Ethernet housing such as the Versatap AT44 Surface Jack Housing from Allen Tel Products
- 4 Category 5e modular snap-in jacks such as the AT55 Category 5e Modular Snap-In Jacks from Allen Tel Products
- A small section, about 6 inches, of Category 5e cable
Construction
Figure 1 represents the AT55 Category 5e jack. The wire termination pin positions and associated wire color codes are also shown.
Figure 1: AT55 Category 5e Jack
A diagram of this kind is usually included with new Category 5e jacks from other vendors as well.
Strip the jacket from the section of Category 5e cable and separate it into its eight individual wires. Their colour codes should match those shown in Figure 1.
Next, partially assemble the Ethernet housing with the four jacks; they should snap into position easily. Once they are mounted, begin wiring the first jack position using the solid orange wire, following the wiring diagram. The wires can be seated with a punch-down tool, a small screwdriver or another small flat tool.
Once you have terminated all eight wires, trim off any excess wire that remains. Snap the housing closed, and you should now have a completed passive Ethernet tap (see Figure 2).
Figure 2: Passive Ethernet Tap
Instructions for Use
Place the passive Ethernet tap inline between a host machine and the Ethernet switch, using the two outside positions labelled "HOST". Inserting the tap drops the link for a moment, so expect a brief outage on that host. Verify that the link status indicators on the host's Ethernet interface and on the Ethernet switch show the link as up again. You may now connect the Ethernet port of your sniffer or IDS sensor to the Tap A and/or Tap B connectors of the passive Ethernet tap.
Keep in mind that on a full-duplex Ethernet link the two directions of traffic travel on separate wire pairs, and each tap port is bridged onto only one of them: Tap A carries only the frames transmitted by one end of the link, and Tap B only the frames transmitted by the other end. A sensor with a single interface therefore sees just half of every conversation. To examine both directions you need two Ethernet interfaces on the sensor, one on Tap A and one on Tap B, and the two streams then have to be recombined, either by software that bonds the two interfaces into one logical interface, such as Sun Trunking (see sun.com for information on Sun Trunking software), or by merging the two captures afterwards. Because only the receive pair of each tap jack is connected to the monitored link, the sensor cannot transmit onto it, which keeps the sensor invisible to the hosts being monitored. Note also that this design works only for 10 and 100 Mbps links: Gigabit Ethernet drives all four pairs in both directions at once and cannot be split with a passive tap of this kind.
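The following is an added example, not code from the original tutorial or from the WinIDS project. It shows the "merge the two captures afterwards" option: a sensor with one interface on Tap A and one on Tap B records two one-directional capture files, and this script reads both as legacy libpcap files (Ethernet link type) and interleaves their records by timestamp so that the merged file shows both sides of every conversation. The MAC addresses, timestamps and payloads in the sample captures are constructed in memory for illustration and are not a real capture; the function names are this example's own.

```python
"""Merge the Tap A and Tap B captures of a passive tap into one pcap file.

Added example, not part of the original tutorial. Each tap port delivers one
direction of the full-duplex link, so the sensor ends up with two capture
files; interleaving their records by timestamp recovers the full exchange.
"""
import heapq
import struct

PCAP_MAGIC_LE = 0xA1B2C3D4   # magic as read little-endian from a LE file
PCAP_MAGIC_BE = 0xD4C3B2A1   # the same magic as read from a BE file
LINKTYPE_ETHERNET = 1


def write_pcap(records, snaplen=65535):
    """Serialise (ts_sec, ts_usec, frame) records as a little-endian legacy pcap."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)]
    for ts_sec, ts_usec, frame in records:
        out.append(struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


def read_pcap(data):
    """Parse a legacy pcap (either byte order) into [(ts_sec, ts_usec, frame), ...]."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC_LE:
        end = "<"
    elif magic == PCAP_MAGIC_BE:
        end = ">"
    else:
        raise ValueError("not a legacy pcap file")
    records = []
    off = 24  # the global header is 24 bytes in either byte order
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header")
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(end + "IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) != incl_len:
            raise ValueError("truncated frame data")
        off += incl_len
        records.append((ts_sec, ts_usec, frame))
    return records


def merge_taps(pcap_a, pcap_b):
    """Interleave the Tap A and Tap B captures by timestamp into a single pcap.

    Both files were stamped by the same sensor clock, so sorting on the
    timestamp recovers the order in which frames crossed the link.
    """
    merged = heapq.merge(read_pcap(pcap_a), read_pcap(pcap_b),
                         key=lambda rec: (rec[0], rec[1]))
    return write_pcap(merged)


def mac_pairs(pcap):
    """Return [(src_mac, dst_mac), ...] so the direction of each frame is visible."""
    pairs = []
    for _sec, _usec, frame in read_pcap(pcap):
        dst = ":".join(f"{b:02x}" for b in frame[0:6])
        src = ":".join(f"{b:02x}" for b in frame[6:12])
        pairs.append((src, dst))
    return pairs


# --- constructed sample captures (hypothetical addresses, not a real capture) ---
HOST = bytes.fromhex("0200000000aa")    # assumed MAC of the tapped host
UPSTREAM = bytes.fromhex("0200000000bb")  # assumed MAC of the far end of the link


def frame(src, dst, payload):
    """Build a minimal Ethernet II frame with the IPv4 ethertype."""
    return dst + src + b"\x08\x00" + payload


# Tap A sees only what HOST transmits; Tap B only what the far end transmits.
TAP_A = write_pcap([(1000, 100, frame(HOST, UPSTREAM, b"SYN")),
                    (1000, 300, frame(HOST, UPSTREAM, b"ACK"))])
TAP_B = write_pcap([(1000, 200, frame(UPSTREAM, HOST, b"SYN-ACK")),
                    (1000, 400, frame(UPSTREAM, HOST, b"DATA"))])

if __name__ == "__main__":
    for src, dst in mac_pairs(merge_taps(TAP_A, TAP_B)):
        print(f"{src} -> {dst}")
```

Run against real files, read the two captures with `open(path, "rb").read()` and write the result of `merge_taps` to a new file; the merged output is a standard pcap that Snort or any analyser can read. The merge is only as good as the sensor's clock, which is why both interfaces must be on the same machine.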
Optional Companion Documents
Be SURE to check out the available 'Companion Add-on Documents' to enhance the Windows Intrusion Detection System (WinIDS) experience.
- How to add Event Logging to a local Syslog Server.
This tutorial will show how to configure Snort to send events to a local Syslog Server, on an existing Windows Intrusion Detection System (WinIDS).
- How to add Event Logging to a remote Syslog Server.
This tutorial will show how to configure Snort to send events to a remote Syslog Server from an existing Windows Intrusion Detection System (WinIDS).
- How to add Email Alerting to an existing Windows Intrusion Detection System (WinIDS)
This tutorial will show how to email user defined priority events on an existing Windows Intrusion Detection System (WinIDS).
- How to configure Barnyard2 to run as a service
This tutorial is a simple-to-understand guide to configuring Barnyard2 to run as a service.
- How to compile Barnyard2 on Windows using Cygwin
This tutorial is a simple-to-understand, step-by-step guide to compiling Barnyard2 on Windows using Cygwin (a UNIX emulation layer for Windows).
- How to build and deploy a passive Ethernet tap
This tutorial will show how to build and deploy a passive Ethernet tap.
Updating the Windows Intrusion Detection System (WinIDS) major components
- How to update the Snort Intrusion Detection Engine
This tutorial will show how to update the Snort Intrusion Detection Engine.
- How to update the Windows Intrusion Detection System (WinIDS) rules
This tutorial will show how to update the Windows Intrusion Detection System (WinIDS) rules.
Debugging Installation errors
For general problems that pertain to this specific tutorial, click the "Get Community Support" button at the top of this tutorial, or manually navigate to the community support forum for this specific tutorial.
Michael E. Steele | Microsoft Certified System Engineer (MCSE)
Email Support: support@winsnort.com
Snort: Open Source Network IDS - www.snort.org
