[Snort-users] Re: Wiring a "read only" cable
joe at ...3851...
Fri Nov 30 03:33:05 EST 2001
Date: Thu, 29 Nov 2001 18:30:32 -0500
To: snort-users at lists.sourceforge.net
From: Matt Kettler <mkettler at ...4108...>
Subject: [Snort-users] Re: Wiring a "read only" cable
>>I think the 14 pin connector you are looking at is AUI, not a 100baseT
ethernet PHY connection. Perhaps you can point out where this diagram is on
it's here: http://www.silicondefense.com/techsupport/ro-ethernet.htm
What you say makes perfect sense.. it's been so long since I used one of those I
kinda forgot all about them. :-) I knew the diagram would not be up on the SD site
unless it made some sort of sense, I was just sitting here staring at my 4 pairs going "huh?"
>>Also with 100baseT it is impossible to create a read only cable by just
cutting one or more pins of a twisted pair cable. The PHY layer sends short
bursts of test signal that are expected to be echoed back in order to
So if you try to use regular 100base-T cable with a pair gone, you won't see link and the
IF will remain down if I follow you here.
>>Your best bet is to use an AUI adapter and cut pins on the AUI side. Of
course, this implies having a 100mbit ethernet card with AUI input (uncommon).<<
seriously.. I'm not sure I have any here. So you need an AUI adapter, alter the wiring and then get a
converter to RJ45 to go to the hub/switch... Anyone have a favorite NIC for this?
>>Baring that you can create a "denatured" ethernet cable where the TX+ and
TX- signals are not on the same twisted pair. This ruins the controlled
impedance of the pair, and introduces bit errors into the data. If the
denatured cable is the right length the short test bursts with make it
through fine but data packets will have errors in them and be dropped. This
process is not an exact science, but there is a website somewhere detailing
what can be detailed. I do not have the URL offhand.<<
I dug a little deeper and found some stuff in the Snort FAQ (my bad...)
Section 3.1 has a bit about ethernet cabling. The setup is described as working
well on a hub but not so on a switch.. :-( Me being 100% switched of course..
Maybe I can hang a cheap hub off the switch port I mirror to.. maybe that's the ticket.
Thanks for the responses!
More information about the Snort-users