http://jcostom.wordpress.com/2009/04/26/installing-a-nids-with-a-passive-ethernet-tap/ 186,000 miles per second, it's not just a good idea, it's the law. Sun, 19 Dec 2010 17:24:45 +0000 hourly 1 http://wordpress.com/ http://jcostom.wordpress.com/2009/04/26/installing-a-nids-with-a-passive-ethernet-tap/#comment-57 Thu, 23 Sep 2010 06:54:23 +0000 http://www.jasons.org/?p=235#comment-57 [...] Installing a NIDS with a passive Ethernet tap « In Other Words [...]

]]> http://jcostom.wordpress.com/2009/04/26/installing-a-nids-with-a-passive-ethernet-tap/#comment-50 Wed, 18 Nov 2009 18:51:49 +0000 http://www.jasons.org/?p=235#comment-50 I am using Ubuntu and have followed your post.  On PC eth2 and eth3 I am not getting any
link lights.  In turn there are no receiving any packets.   I’ve been monitoring /proc/net/dev.  If I plug the cable from eth2 or eth3 directly into a switch the port come up and start working.  I had assigned them private IP on my network and they worked perfectly.  Any thoughts?
 

]]> http://jcostom.wordpress.com/2009/04/26/installing-a-nids-with-a-passive-ethernet-tap/#comment-49 Tue, 28 Jul 2009 14:46:50 +0000 http://www.jasons.org/?p=235#comment-49 Your comment about the safety of this device, that you’ll never accidentally transmit on the tapped line because you’re only using the RX pair, is no longer true.  Many NICs these days will attempt to autodetect the MDI (The “switch-or-host”iness of an interface).  If they’re not receiving anything, they’ll try sending a burst of data on the RX pair and see if they hear anything on the TX pair.
At least, this was my experience when putting together the talk I’ll be giving in the DefCon SkyTalks this year (2009).
But, otherwise, this page is cool indeed. 
-Mark

]]>