Hi everyone :)
Me and a coworker recently thought up and built this ethertap. Anybody care to
comment?
Anybody tried something similar?
Last but not least: anybody care to tell what their experience with the
commercial 100 Mbps full-duplex taps is? (we are probably going to buy a couple
from NetOptics anyway -- at 600$ each!)
-Peter
How to sniff a 100 Mbps full duplex connection
----------------------------------------------
Let's say you have to machines (be they PC's, routers, whatever) and you want
to sniff /everything/ that happens between them. Let's complicate it further
by saying we use 100 Mbps full duplex (100Base-TX).
There are commercial solutions for this but in many cases this home-made
solution will suffice:
One end The Other end
A AO ----------------> |Magic | ------------> BI B
AI <---------------- |box | <------------ BO
| |
v v
AO_sniff AI_sniff
The magic box has two taps: one for the packets flowing out of A (AO) and
one for the packets going into A (AI).
The contents of magic box is quite simple, just a few wires, no electronics:
AO: BI:
TD+ -------------x--------------------- RD+
TD- -----------x----------------------- RD-
| |
| |
AI: | | BO:
RD+ ---------------------x-------------- RD+
RD- -------------------x---------------- RD-
| | | |
| | | |
| | | |
AO_sniff RD- --+ | | +-- RD+ AI_sniff
RD+ ----+ +---- RD-
The sniffing machines cannot inject packets into the connection - it is
receive-only because the TD+/- of AO_sniff and AI_sniff are not connected.
You may have to turn off auto-detection in the cards to make it work and you
may need to have a powered-on netcard plugged into A0_sniff and AI_sniff.
Oh, and don't make your untwisted wires too long.
We have made three prototypes of increasing sophistication (birds nest of wires
-> nicely connected wires -> nicely connected wires inside a box with 6 RJ-45
plugs, one for each of AO, AI, BI, BO, AO_sniff, AI_sniff). The first one had
some noise problems but the latter two are quite well-behaved.
YMMV of course...
