Snort mailing list archives
Re: Recieve Only Ethernet Cabling question.
From: Scott Nursten <scottn () s2s ltd uk>
Date: Mon, 16 Sep 2002 14:51:45 +0100
Hey Matt, Remember Layer 2? That's the one below layer 3... :) No - just kidding about - basically, it's still possible to make your snort box respond to layer 2 requests / frames. By snipping the send cables, you ensure that no response can be sent, either below or above (not likely :)) layer 3. Regards, Scott On 9/16/02 2:36 PM, "Matt Todd" <Matt.Todd () cityofmemphis org> wrote:
Have a tangent question about this, is kind of newbie level, so apologies. In what situation would I need to run a receive only cable instead of a dual * interface/no outside IP setup? I'm sure I'm missing something, just seems like the latter is sufficient. Thanks, Matt"Scot Scot" <scotw () hotmail com> 09/14/02 10:28 AM >>>I would not recommend cutting the transmit side, shunt it to ground (pin 2). Some OS's will disable the interface if PIN 1 does not indicate a completed circuit. Simply tap wires 3&6 from the monitor side to the HUB. Snort-Box HUB 1--- 1--- | ------------------| 2--- | 3--- | 3------------------------ 2--- 6------------------------------------------| 6--- 1. Solder pins one and two on the Snort-Box connector together. 2. Solder pins 1 (from-hub), 3(from-hub), and 3 (from Snort-Box) together. 3. Solder pins 2 (from-hub), 6(from-hub), and 6 (from Snort-Box) together. Just cut the wire somewhere in the middle to perform this. Make sure you keep your cuts clean, don't use to much solder, and use a good heatshrink wrap to keep the job clean. I have a better diagram drawing of this if you would like. Just shoot me a mail message with "Tap Picture Please" in the Subject and I'll hook you up. Scot Wiedenfeld ----- Original Message ----- From: "Keith Young" <kyoung () v-one com> To: "Andy Garner" <Andy.G () aptalaska com> Cc: <snort-users () lists sourceforge net> Sent: Friday, September 13, 2002 :24 PM Subject: Re: [Snort-users] Recieve Only Ethernet Cabling question.Andy Garner wrote:I was looking at the diagram in the Snort FAQ on snort.org for making my own receive-only Ethernet cable. Isn't what is being described the same as a crossover cable? I just wanted to make sure before I expose my new snort machine to the internet.Andy, No. The receive-only cable has the transmit wire pair cut. A crossover cable has the receive wire pair on one side "crossed" to the transmit wire pair on the other side (and vice-versa). It is used for going between "like" device types (ie. PC-to-PC, hub-to-hub, etc) If you want a secure receive-only cable then you will need to make it by following the Snort FAQ. Cheers, -- -- --Keith Young -kyoung () v-one com ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list
-- ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Recieve Only Ethernet Cabling question. Andy Garner (Sep 13)
- Re: Recieve Only Ethernet Cabling question. Keith Young (Sep 13)
- Re: Recieve Only Ethernet Cabling question. Scot Scot (Sep 14)
- Re: Recieve Only Ethernet Cabling question. Frank Knobbe (Sep 15)
- Re: Recieve Only Ethernet Cabling question. Scot Scot (Sep 14)
- <Possible follow-ups>
- Re: Recieve Only Ethernet Cabling question. Matt Todd (Sep 16)
- Re: Recieve Only Ethernet Cabling question. Scott Nursten (Sep 16)
- Re: Recieve Only Ethernet Cabling question. Keith Young (Sep 13)