Did the Know How team ever do the build your own network tap? Was looking forward to that episode

[G+_James Landi (Rudedog)]

Did the Know How team ever do the build your own network tap? Was looking forward to that episode.

[G+_Travis Hershberger]

Not that I remember. The I wouldn't trust my memory of things to far ?

[G+_Hector Sotomayor]

What is a network tap?

[G+_Ben Reese]

I don't think they did a DIY build, but mentioned it could be done.

 

Hector Sotomayor?, a network tap is a device that lets you passively monitor network traffic.

[G+_Black Merc]

I built one.. Based off the files at hak5.org the throwing star tap.

[G+_Black Merc]

Here is the insides

[G+_Ben Reese]

Black Merc so that requires 2 NICs?

[G+_Black Merc]

Ben Reese unfortunately... yes. Inbound and outbound traffic is separate (some cases a good thing). This is a simple tap.(think FBI tapping your house phone)

[G+_Golden Retriever]

They did a whole series on networking 101 ETC.......

[G+_Ben Reese]

Black Merc ha. Jokes on them! I don't have a house phone. I just carry around 2 remote spy devices that can track me to a 10ft radius ?

[G+_Black Merc]

Anyway... Having the two separate 'channels' may make it easier to see if that Microsoft product is phoning home.

[G+_todd zimmerman]

FYI: Hak5.org has a Throwing Star LAN tap (passive) that you buy and solder yourself for about $15. I had one on order (I received it about a month ago), but saw that Frys had on sale a NetGear ProSafe gigabit switch (GS108E) that had port mirroring that I could get 3 days before the Throwing Star would arrive by mail. I went ahead and got the Switch and have the Throwing Star as a backup.

[G+_Black Merc]

todd zimmerman throwing star don't require power.

[G+_todd zimmerman]

Black Merc yes, the throwing star doesn't require power, but its effectively half-duplex, and also limited to 100mbps (it uses a small capacitor on the line to trick the gigabit handshake into thinking there's slight noise on the line to drop the handshake to 100mbps throughput with a supposed low packet loss)

[G+_Black Merc]

todd zimmerman? what more do you need? Unless you have corporate lan (1gig or more) 100 is plenty fast to keep up with the isp connection. Half duplex? How do you figure? Just for the reason you see outbound on one connection and inbound on the other? Remember this is just for you to listen in, Not injections.

[G+_todd zimmerman]

Black Merc? I might be wrong on this, but my understanding is that throwing star (under most circumstances) allows you to tap the inbound or the outbound direction, but not both at the same time (not unless you have two Ethernet ports on the eavesdropper). This makes it hard to hear both ends of the conversation (e.g., the outgoing request, and the incoming response) without having to somehow manually multiplex the the sides of the streams together on the packet capture. This is the main reason I opted to use the port mirroring switch option (I can see both incoming and out going packets at the same time, and in relative sequence of each other).

 

The one downside to the mirroring: my "spy" laptop throws its (normal background) traffic out onto the mirrored port that it's listening to for the "victim's" traffic. This requires me to filter out the "spy" traffic from the "victim" traffic in wireshark.

[G+_Black Merc]

todd zimmerman yes to do full capture (in and out bound)with the star will require two nic's, however padre' alluded to a way around, bridging the two nic's together so to listen to both. But, to be sure not to be noticed on your mirror, set the nic to promiscuous mode(listen only), you will hear all and they will hear not.

[G+_Black Merc]

todd zimmerman?? sorry i got that wrong promiscuous mode is receive all packets(normal mode receives only packets to your ip address)

Here again is the beauty of the old-school tap... The pair your listening to only goes to the receive of that nic (ol'ma bell can listen all she wants as long as she don't wire-in the microphone)

[G+_Francis Kindred]

I think padre mentioned he was going to do it after he gets back.