Snort mailing list archives

Re: Re: Wiring a "read only" cable (Joe Pampel)


From: Josh Oshiro <josh () silicondefense com>
Date: Fri, 30 Nov 2001 01:24:23 -0800

The silicon defense diagram is an AUI socket for ethernet; I believe they
called it a D15 connector. I only see these on older network cards. With
that pinout you can easily cut the transmit pins to prevent transmit.
However, we are all using rj45 now and it's not that easy anymore. If you cut
the transmit pins on cat5 cable the hub/switch will think the link is dead
and connectivity with the hub/switch will be lost. The one way I know of to
make a receive only network cable for rj45 port NICs (although very flaky
and haven't tried it myself) is to force a 100mb transfer, use a max length
cable and untwist the transmit pair to corrupt the transmit signal enough to
prevent communication while still allowing the "keep alive signal" to be
present. I would not expect that to work reliably if it even works at all.
----- Original Message -----
From: "Chris Schuler" <cschuler () columbus rr com>
To: <slivergun () techemail com>; <snort-users () lists sourceforge net>
Sent: Thursday, November 29, 2001 8:38 PM
Subject: Re: [Snort-users] Re: Wiring a "read only" cable (Joe Pampel)


There are still ways to discover a NIC in promiscuous mode.  L0pht makes
such a program.  Just because a NIC doesn't have an IP address doesn't mean
ARPing can't reveal it.
----- Original Message -----
From: "Donal Graeme" <slivergun () techemail com>
To: <snort-users () lists sourceforge net>
Sent: Thursday, November 29, 2001 10:47 PM
Subject: [Snort-users] Re: Wiring a "read only" cable (Joe Pampel)


My experience is that you can run a NIC in promiscuous mode without an
IP address, thus eliminating the need for the transmit wires to maintain
any sort of link at all.

I have set up Snort to run on a NIC that is connected via a cable with
only the 2 receive wires active. I did only what Bill Cheswick in
"Firewalls and Internet Security," and Stephen Northcutt in "Network
Intrusion Detection: An Analyst's Handbook" suggest. I have this
arrangement working on a P4 system running RedHat 7.1. It is exactly as
you have described below. The key is to remember that a NIC need not have
an address to be in promiscuous mode.


-----Original Message-----
From: Joe Pampel [mailto:joe () ardsley com]
Sent: Thursday, November 29, 2001 4:30 PM
To: snort-users () lists sourceforge net;
snort-users-request () lists sourceforge net
Subject: [Snort-users] Re: Wiring a "read only" cable

What am I missing here?

Trying to make a read only 100Base-T cable for a sensor and it has 8
pins - 4 pairs. So far so good.
www.silicondefense.com has a schematic showing 14 pins and cutting pins
3 and 10...

Can you see my confusion?  My understanding of this kind of connector
is like this:
from: http://yoda.uvi.edu/InfoTech/rj45.htm

-----------------------------------------------------------------------
Pin Number Designations

  Color Codes for T568B
Pin     color  pair  name
---     -----  ---- ---------
1       wh/or   2   TxData +
2       or      2   TxData -
3       wh/grn  3   RecvData+
4       blu     1
5       wh/blu  1
6       grn     3   RecvData-
7       wh/brn  4
8       brn     4

------------------------------------------------

This would indicate not crimping the Orange pair to pins 1 & 2. And of
course if you're a wise-guy you put a splitter on the jack and plug an
RJ-11 in and use the middle pair for a POTS line.. but anyhow... ;-)
Anyone else run into this?

ps: wiring sucks when you're color blind. :-)

- Joe



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


