[Snort-users] Recieve Only Ethernet Cabling question.

Scott Nursten scottn at ...4526...
Mon Sep 16 06:52:10 EDT 2002


Hey Matt, 

Remember Layer 2? That's the one below layer 3... :) No - just kidding about
- basically, it's still possible to make your snort box respond to layer 2
requests / frames. By snipping the send cables, you ensure that no response
can be sent, either below or above (not likely :)) layer 3.

Regards,

Scott 

On 9/16/02 2:36 PM, "Matt Todd" <Matt.Todd at ...6906...> wrote:

> Have a tangent question about this, is kind of newbie level, so apologies.
> 
> In what situation would I need to run a receive only cable instead of a dual *
> interface/no outside IP setup?
> 
> I'm sure I'm missing something, just seems like the latter is sufficient.
> 
> Thanks,
> 
> Matt
> 
>>>> "Scot Scot" <scotw at ...125...> 09/14/02 10:28 AM >>>
> I would not recommend cutting the transmit side, shunt it to ground (pin 2).
> Some OS's will disable the interface if PIN 1 does not indicate a completed
> circuit.
> 
> Simply tap wires 3&6 from the monitor side to the HUB.
> 
>   Snort-Box                                HUB
> 1---                                                    1---
>     |                               ------------------|
> 2---                              |                      3---
>                                   |
> 3------------------------                     2---
> 6------------------------------------------|
>                                                          6---
> 
> 1. Solder pins one and two on the Snort-Box connector together.
> 2. Solder pins 1 (from-hub), 3(from-hub), and 3 (from Snort-Box) together.
> 3. Solder pins 2 (from-hub), 6(from-hub), and 6 (from Snort-Box) together.
> 
> Just cut the wire somewhere in the middle to perform this. Make sure you
> keep your cuts clean, don't use to much solder, and use a good heatshrink
> wrap to keep the job clean.
> 
> I have a better diagram drawing of this if you would like. Just shoot me a
> mail message with "Tap Picture Please" in the Subject and I'll hook you up.
> 
> Scot Wiedenfeld
> 
> ----- Original Message -----
> From: "Keith Young" <kyoung at ...6513...>
> To: "Andy Garner" <Andy.G at ...3007...>
> Cc: <snort-users at lists.sourceforge.net>
> Sent: Friday, September 13, 2002 :24 PM
> Subject: Re: [Snort-users] Recieve Only Ethernet Cabling question.
> 
> 
>> Andy Garner wrote:
>>> I was looking at the diagram in the Snort FAQ on snort.org for making my
>>> own receive-only Ethernet cable.  Isn't what is being described the same
>>> as a crossover cable?  I just wanted to make sure before I expose my new
>>> snort machine to the internet.
>>> 
>> 
>> Andy,
>> 
>> No. The receive-only cable has the transmit wire pair cut. A crossover
>> cable has the receive wire pair on one side "crossed" to the transmit
>> wire pair on the other side (and vice-versa). It is used for going
>> between "like" device types (ie. PC-to-PC, hub-to-hub, etc)
>> 
>> If you want a secure receive-only cable then you will need to make it by
>> following the Snort FAQ.
>> 
>> Cheers,
>> 
>> --
>> 
>> --
>> --Keith Young
>> -kyoung at ...6513...
>> 
>> 
>> 
>> 
>> -------------------------------------------------------
>> This sf.net email is sponsored by:ThinkGeek
>> Welcome to geek heaven.
>> http://thinkgeek.com/sf
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>> 
> 
> 
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> 
> 
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list

-- 






More information about the Snort-users mailing list