[Snort-users] Re: Wiring a "read only" cable (Joe Pampel)

Chris Schuler cschuler at ...2467...
Thu Nov 29 20:39:03 EST 2001


There are still ways to discover a NIC in promiscuous mode.  L0pht makes
such a program.  Just because a NIC doesn't have an IP address doesn't mean
ARPing can't reveal it.
----- Original Message -----
From: "Donal Graeme" <slivergun at ...4215...>
To: <snort-users at lists.sourceforge.net>
Sent: Thursday, November 29, 2001 10:47 PM
Subject: [Snort-users] Re: Wiring a "read only" cable (Joe Pampel)


> My experience is that you can run a NIC in promiscuous mode without an IP
> address, thus eliminating the need for the transmit wires to maintain any
> sort of link at all.
>
> I have set up Snort to run on a NIC that is connected via a cable with
> only the 2 receive wires active. I did only what Bill Cheswick in "Firewalls
> and Internet Security," and Stephen Northcutt in "Network Intrusion
> Detection: An Analyst's Handbook" suggest. I have this arrangement working
> on a P4 system running RedHat 7.1. It is exactly as you have described
> below. The key is to remember that a NIC need not have an address to be in
> promiscuous mode.
>
>
> >-----Original Message-----
> >From: Joe Pampel [mailto:joe at ...3851...]
> >Sent: Thursday, November 29, 2001 4:30 PM
> >To: snort-users at lists.sourceforge.net;
> >snort-users-request at lists.sourceforge.net
> >Subject: [Snort-users] Re: Wiring a "read only" cable
> >
> >What am I missing here?
> >
> >Trying to make a read only 100Base-T cable for a sensor and it has 8 pins -
> >4 pairs. So far so good.
> >www.silicondefense.com has a schematic showing 14 pins and cutting pins 3
> >and 10...
> >
> >Can you see my confusion?  My understanding of this kind of connector is
> >like this:
> >from : http://yoda.uvi.edu/InfoTech/rj45.htm
> >
> >-----------------------------------------------------------------------
> >Pin Number Designations
> >
> >   Color Codes for T568B
> >Pin     color  pair  name
> >---     -----  ---- ---------
> >1       wh/or   2   TxData +
> >2       or      2   TxData -
> >3       wh/grn  3   RecvData+
> >4       blu     1
> >5       wh/blu  1
> >6       grn     3   RecvData-
> >7       wh/brn  4
> >8       brn     4
> >
> >------------------------------------------------
> >
> >This would indicate not crimping the Orange pair to pins 1 & 2. And of
> >course if you're a wise-guy you put a splitter on the jack and plug an RJ-11
> >in and use the middle pair for a POTS line.. but anyhow... ;-)
> >Anyone else run into this?
> >
> >ps: wiring sucks when you're color blind. :-)
> >
> >- Joe
>
>




