Split a 100MB ethernet connection for sniffing

Thread: Split a 100MB ethernet connection for sniffing

  1. #1
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897

    Split a 100MB ethernet connection for sniffing

    Short of using a switch with a mirror port, is there a good way to split a 100MB ethernet connection for sniffing so you can just sniff what's on that one line? In this case I don't want to do any kind of arp poisoning. I tried to use an old 10MB hub to split the connection but it did not work that well, best I could manage was half duplex. I'm making a new tutorial about Cain and it would help if I could figure it out. Thanks.

  2. #2
    Senior Member
    Join Date
    Jul 2004
    Posts
    469

    Re: Split a 100MB ethernet connection for sniffing

    Originally posted here by Irongeek
    split a 100MB ethernet connection for sniffing
    I'm not quite sure what you mean by this? Do you mean to monitor it? If this is the case a network tap would be the best idea. A hub works in the same manner except it can generate collisions which cause problems.

  3. #3
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    I just googled them, way out of my price range. But thanks for pointing them out.

  4. #4
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,024
    I have an idea but I have NO idea if it would work... Could you physically cut the cable, and connect two wires to each of the wires in the original cable, then connect one set back to the original cable, then connect the other to your sniffer computer?

    That's my best idea, though I doubt it'd work.
    [H]ard|OCP <--Best hardware/gaming news out there--|
    pwned.nl <--Gamers will love this one --|
    Light a man a fire and you'll keep him warm for a day, Light a man ON fire and you'll keep him warm the rest of his life.

  5. #5
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    Thanks Grunt, but I tried that, best I could do by splicing wires was a half duplex sniff. Could be I wired it wrong, but I can't think of a way you can do that without screwing up the transmit and receive lines.

  6. #6
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    I think you would need a custom routing table, how you go about that is well beyond me. Ho hum.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  7. #7
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    As far as I can gather, you're attempting a setup like this..

    Code:
    Victim PC ----- Switch
        Sniffer--/
    Instead of splicing the wires, which would cause massive amounts of cross talk (removing the shielding and twists from a section of CAT5 is never a good idea)... Why do you just combine them? Your PC will transmit on pins 1 & 2 and receive on pins 3 & 6.. You only need to receive data to sniff.. Combine the cables at the end... it'll be a pain in the ass to slide two of them into a single RJ45 connector.. and will require some fancy work on your part.. but it's what I'd try..

    Step 1: Strip and prepare the ends of two lengths of Cat5 as you normally would.
    Step 2: Using your teeth, or small enough wiring strippers, remove the sheathing on the individual copper lines for pins 3 & 6 (White-Green and Green for example), only do this to one end of each of the lengths of cable.
    Step 3: Twist the bare ends together (3 to 3 and 6 to 6).. twist really tight because you're going to have to fit it into the groove of the RJ45 connector...
    Step 4: Wire the end of the one cable (2 spliced ends and then 6 ends from one of the 2 lengths).. I'd apply a little electrical tape around this end for safe measure.
    Step 5: Wire the opposite ends of both cables as you normally would.
    Step 6: Plug the spliced end into the switch, plug the fully wired opposite end into the victim and the partial wired opposite end into the sniffer..

    I believe that would work for ya... however, I'm extremely tired.... so who knows..

    Good luck and let me know your results.

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  8. #8
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    I have built this one in the past with great fun and success..

    http://www.snort.org/docs/tap/

    It's just a couple bucks.

    I think the best you can do is 1/2 until something re-assembles...AFAIK.

  9. #9
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    Thanks HTRegz, I've tried something like that before but I only could get one side of the data (in other words, not full duplex). I would need some way to isolate the send wires from the receive otherwise it looks like the switch just faults on that port because it sees a loop back problem (I could be misinterpreting what I see).

  10. #10
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    Thanks ss2chef, it's kind of like what HTRegz was getting at. With the tap and two NICs I could get something like full duplex.
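
The "until something re-assembles" step from post #8 and the tap-plus-two-NICs setup from post #10, as an added example that is not part of any post in this thread: each NIC on a passive tap records one direction, and the two captures are merged by timestamp into one conversation. It assumes classic little-endian pcap files with Ethernet link type, both recorded on the same machine so their timestamps share a clock; the function names and the sample frames are constructed for illustration.

```python
import heapq
import io
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap, microsecond timestamps
GLOBAL_HDR = struct.Struct("<IHHiIII")  # magic, version, zone, sigfigs, snaplen, linktype
RECORD_HDR = struct.Struct("<IIII")     # ts_sec, ts_usec, incl_len, orig_len

def read_pcap(stream, direction):
    """Yield (timestamp_us, direction, frame) from one per-direction capture."""
    head = stream.read(GLOBAL_HDR.size)
    if len(head) < GLOBAL_HDR.size:
        raise ValueError("not a pcap file")
    magic, *_rest, linktype = GLOBAL_HDR.unpack(head)
    if magic != PCAP_MAGIC or linktype != 1:  # 1 = LINKTYPE_ETHERNET
        raise ValueError("expected little-endian Ethernet pcap")
    while True:
        hdr = stream.read(RECORD_HDR.size)
        if len(hdr) < RECORD_HDR.size:
            return  # clean end of file, or a truncated record header
        sec, usec, incl_len, _orig_len = RECORD_HDR.unpack(hdr)
        frame = stream.read(incl_len)
        if len(frame) < incl_len:
            return  # capture was cut off mid-frame; drop the partial frame
        yield sec * 1_000_000 + usec, direction, frame

def merge_directions(host_to_switch, switch_to_host):
    """Merge the two one-way captures into a single time-ordered list."""
    return list(heapq.merge(read_pcap(host_to_switch, "host->switch"),
                            read_pcap(switch_to_host, "switch->host"),
                            key=lambda rec: rec[0]))

def make_pcap(frames):
    """Build a constructed in-memory pcap from (sec, usec, frame) tuples."""
    out = GLOBAL_HDR.pack(PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for sec, usec, frame in frames:
        out += RECORD_HDR.pack(sec, usec, len(frame), len(frame)) + frame
    return io.BytesIO(out)

def demo():
    # Constructed sample: two made-up MAC addresses and labelled payloads.
    a, b = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    tx = make_pcap([(10, 100, b + a + b"\x08\x00" + b"request"),
                    (10, 900, b + a + b"\x08\x00" + b"ack")])
    rx = make_pcap([(10, 500, a + b + b"\x08\x00" + b"reply")])
    return [(ts, d, f[14:]) for ts, d, f in merge_directions(tx, rx)]

if __name__ == "__main__":
    print(demo())
```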
