BWGames wrote:
> On Sat, 24 Apr 2004 22:14:15 +0100, in comp.os.linux.networking, BWGames
> wrote:
>
>
>>I remember seeing somewhere a diagram for a custom RJ45/Cat5 cable that fed
>>all the data transferred over it to a IDS system in a RX only config, so
>>that the IDS couldn't be breached, can someone point me to a diagram for
>>this?
>>
>>Thanks...
>
>
> Sorry - this isn't quite what I want - I want a way to 'listen in' on a
> cable, RX only...
>
> Any ideas?
>
> Thanks,
>
> Ben
You can "listen in" stealthily via your network equipment.
In order to do this, you will need a dedicated computer (or at the very
least, a dedicated network interface on a computer).
If your network consists of hubs, you are in luck "listen in"-wise,
because all the network traffic is sent to all the ports on all the hubs.
If your network is switched, you need to mirror the port of the computer
you want to "listen in" on, or more typically, the switch port of your
default gateway.
You can then connect your dedicated computer, or network interface to
any port on any hub, or to the mirror-port on your switch.
Do not set up any networking on the interface on your IDS, but use your
IDS software on that interface anyway. The traffic will reach your NIC,
but the computer will be completely invisible. How's that for stealth?
AND THEN....
There's this tool for sniffing a switched lan, that lets you spoof your
mac-address to trick your network switches to send the traffic your way.
ETTERCAP:
http://ettercap.sourceforge.net/
It's available for any platform you can think of: Linux kernel 2.0 and
up, FreeBSD, NetBSD, OpenBSD, MacOS-X, Windows 9x and up and Solaris 2.x
and up.
Similar Threads
Linear Mode
