[Snort-users] Creating a 'read-only' 100/10BaseT ethernet cable

Ed Padin ohdamnthathurts at ...131...
Thu Jan 4 11:22:10 EST 2001


Hi,

I've been trying to create a patch cable for a snort box that is a
'read-only cable. I remember people on this list mentioning something about
this but could nto turn up anything on the archives. I know that you can run
snort on an interface that has no IP address but I'd also like to provide
physical security to guard against a configuration error.

I think I remember that you need to complete only one of the pairs in order
to read packets but the other pair to write packets is not used. Here's what
I tried so far:

Create a cable where only pair 1&2 are used

Create a cable where only pair 3&6 are used

Create a cable where only pair 1&2 are used and 3&6 looped back to the hub

Create a cable where only pair 3&6 are used and 1&2 looped back to the hub


I'm trying this on a hub that does 100Mbit ethernet and supports full
duplex. The card I am using usually negotiates a full duplex connection. I
have tried rebooting the box with each config mentioned above.

Has anybody got this working? If so, could you describe your configuration?

aTdHvAaNnKcSe
















More information about the Snort-users mailing list