[Snort-users] Creating a 'read-only' 100/10BaseT ethernet cable
ohdamnthathurts at ...131...
Thu Jan 4 11:22:10 EST 2001
I've been trying to create a patch cable for a snort box that is a
'read-only cable. I remember people on this list mentioning something about
this but could nto turn up anything on the archives. I know that you can run
snort on an interface that has no IP address but I'd also like to provide
physical security to guard against a configuration error.
I think I remember that you need to complete only one of the pairs in order
to read packets but the other pair to write packets is not used. Here's what
I tried so far:
Create a cable where only pair 1&2 are used
Create a cable where only pair 3&6 are used
Create a cable where only pair 1&2 are used and 3&6 looped back to the hub
Create a cable where only pair 3&6 are used and 1&2 looped back to the hub
I'm trying this on a hub that does 100Mbit ethernet and supports full
duplex. The card I am using usually negotiates a full duplex connection. I
have tried rebooting the box with each config mentioned above.
Has anybody got this working? If so, could you describe your configuration?
More information about the Snort-users