[Snort-users] Re: Wiring a "read only" cable (Joe Pampel)

Donal Graeme slivergun at ...4215...
Thu Nov 29 19:48:04 EST 2001

My experience is that you can run a NIC in promiscuous mode without an IP address, thus eliminating the need for the transmit wires to maintain any sort of link at all. 

I have set up Snort to run on a NIC that is connected via a cable with only the 2 receive wires active. I did only what Bill Cheswick in "Firewalls and Internet Security," and Steven Northcutt in "Network Intrusion Detection: An Analyst's handbook" suggest. I have this arrangement working on a P4 system running RedHat 7.1. It is exactly as you have described below. The key is to remember that a NIC need not have an address to be in promiscuous mode.

>-----Original Message-----
>From: Joe Pampel [mailto:joe at ...3851...]
>Sent: Thursday, November 29, 2001 4:30 PM
>To: snort-users at lists.sourceforge.net;
>snort-users-request at lists.sourceforge.net
>Subject: [Snort-users] Re: Wiring a "read only" cable
>What am I missing here?
>Trying to make a read only 100Base-T cable for a sensor and it has 8
>pins -
>4 pairs. So far so good.
>www.silicondefense.com has a schematic showing 14 pins and cutting pins
>and 10...
>Can you see my confusion?  My understanding of this kind of connector is
>like this:
>from : http://yoda.uvi.edu/InfoTech/rj45.htm
>Pin Number Designations
>   Color Codes for T568B
>Pin     color  pair  name
>---     -----  ---- ---------
>1       wh/or   2   TxData +
>2       or      2   TxData -
>3       wh/grn  3   RecvData+
>4       blu     1
>5       wh/blu  1
>6       grn     3   RecvData-
>7       wh/brn  4
>8       brn     4
>This would indicate not crimping the Orange pair to pins 1 & 2. And of
>course if you're a wise-guy you put a splitter on the jack and plug an
>in and use the middle pair for a POTS line.. but anyhow... ;-)
>Anyone else run into this?
>ps: wiring sucks when you're color blind. :-)
>- Joe

Are you a Techie? Get Your Free Tech Email Address Now! Visit http://www.TechEmail.com

More information about the Snort-users mailing list