[Snort-users] Creating a 'read-only' 100/10BaseT ethernet cable

Bill Marquette wlmarque at ...8...
Thu Jan 4 11:59:25 EST 2001


The problem is that neither the card nor the hub will detect carrier if some of
the cables are "snipped".  You probably want some type of ethernet tap device to
do this; at least on 100Mbit equipment...older 10Mbit equipment can sometimes
support this setup I understand.  In theory you could "fake" the carrier signal,
but in the long run it's easier, cheaper, and more reliable to purchase a
commercial ethernet tap.

--Bill



From: "Ed Padin" <ohdamnthathurts at ...131...> on 01/04/2001 10:22 AM

To:   snort-users at lists.sourceforge.net
cc:
Client:
Subject:  [Snort-users] Creating a 'read-only' 100/10BaseT ethernet cable



Hi,

I've been trying to create a patch cable for a snort box that is a
'read-only cable. I remember people on this list mentioning something about
this but could nto turn up anything on the archives. I know that you can run
snort on an interface that has no IP address but I'd also like to provide
physical security to guard against a configuration error.

I think I remember that you need to complete only one of the pairs in order
to read packets but the other pair to write packets is not used. Here's what
I tried so far:

Create a cable where only pair 1&2 are used

Create a cable where only pair 3&6 are used

Create a cable where only pair 1&2 are used and 3&6 looped back to the hub

Create a cable where only pair 3&6 are used and 1&2 looped back to the hub


I'm trying this on a hub that does 100Mbit ethernet and supports full
duplex. The card I am using usually negotiates a full duplex connection. I
have tried rebooting the box with each config mentioned above.

Has anybody got this working? If so, could you describe your configuration?

aTdHvAaNnKcSe













_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/mailman/listinfo/snort-users










More information about the Snort-users mailing list