Date: Fri, 19 Jan 1996 13:21:08 -0700 (MST)
From: Terry Lambert <terry@lambert.org>
To: marino.ladavac@aut.alcatel.at
Cc: julian@ref.tfs.com, questions@freebsd.org
Subject: Re: ethernet packet sniffer.
Message-ID: <199601192021.NAA08532@phaeton.artisoft.com>
In-Reply-To: <9601190916.AA04378@atuhc16.atusks01.aut.alcatel.at> from "marino.ladavac@aut.alcatel.at" at Jan 19, 96 10:16:54 am

> > > No, it only would reveal physical connections, Mike Smith was right
> > > about what he said, there isn't any way to detect a receiver. This would
> > > only detect extra cable taps that a network administrator didn't know
> > > about. And it wouldn't reveal what those taps were doing, either, just
> > > that they existed.
> > They wouldn't reveal a nonintrusive high impedance tap..
>
> It might. The break in insulation you would create when you are
> attaching your tap might be a visible enough discontinuity. BNC
> connectors are easily visible even though they are loaded with a
> matching load.

I took this to be a low draw capacitive tap rather than a tap requiring
an insulation break.

The high impedance would make for a large relaxation time on the
combined LC-tank circuit.

Such an arrangement would be very hard to detect unless you ran cable
with a much higher than necessary frequency response for ethernet, and
ran your detection equipment at a much higher frequency than your
standard traffic. Then you'd see a nice capacitive charging effect in
the case of a tap (or adjacent cables, in some cases), but unless the
frequency differential was very high proportional to the cable length,
you'd only get a very general idea of where the tap (or adjacent cable)
was located.

If someone is going to go to this much trouble, then they are probably
intercepting the EM from your monitors to read your screens anyway and
you probably have your own spooks dealing with the problem of having a
spy in your shielded building.

Reminds me of the story of the guard in the tempest vault who brought
down the wrath of the brass from watching football games on a portable
TV while on duty. They didn't care what he did to amuse himself while
he was there, but they *did* care that RF was able to get into the
vault -- it meant it could get out. 8-).

Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.