Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Wiring a "read only" cable

From: "Joe Pampel" <joe () ardsley com>
Date: Fri, 30 Nov 2001 06:32:03 -0500
reply in-line


Message: 11

Date: Thu, 29 Nov 2001 18:30:32 -0500
To: snort-users () lists sourceforge net 
From: Matt Kettler <mkettler () evi-inc com>
Subject: [Snort-users] Re: Wiring a "read only" cable


I think the 14 pin connector you are looking at is AUI, not a 100baseT 

ethernet PHY connection. Perhaps you can point out where this diagram is on 
silicondefense.com?<<

it's here: http://www.silicondefense.com/techsupport/ro-ethernet.htm


What you say makes perfect sense.. it's been so long since I used one of those I
kinda forgot all about them. :-)  I knew the diagram would not be up on the SD site
unless it made some sort of sense, I was just sitting here staring at my 4 pairs going "huh?"


Also with 100baseT it is impossible to create a read only cable by just 

cutting one or more pins of a twisted pair cable. The PHY layer sends short 
bursts of test signal that are expected to be echoed back in order to 
establish link.

So if you try to use regular 100base-T cable with a pair gone, you won't see link and the
IF will remain down if I follow you here. 


Your best bet is to use an AUI adapter and cut pins on the AUI side. Of 

course, this implies having a 100mbit ethernet card with AUI input (uncommon).<<

seriously.. I'm not sure I have any here. So you need an AUI adapter, alter the wiring and then get a
converter to RJ45 to go to the hub/switch... Anyone have a favorite NIC for this? 


Baring that you can create a "denatured" ethernet cable where the TX+ and 

TX- signals are not on the same twisted pair. This ruins the controlled 
impedance of the pair, and introduces bit errors into the data. If the 
denatured cable is the right length the short test bursts with make it 
through fine but data packets will have errors in them and be dropped. This 
process is not an exact science, but there is a website somewhere detailing 
what can be detailed. I do not have the URL offhand.<<

I dug a little deeper and found some stuff in the Snort FAQ (my bad...)
Section 3.1 has a bit about ethernet cabling. The setup is described as working
well on a hub but not so on a switch.. :-(  Me being 100% switched of course.. 
Maybe I can hang a cheap hub off the switch port I mirror to.. maybe that's the ticket.

Thanks for the responses!




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: