Security Basics mailing list archives

RE: Read Only Ethernet Cable


From: <security () evensonit com>
Date: Wed, 12 Feb 2003 20:35:43 -0500

It seems this may be able to be done.  Do a search for "Ethernet AUI
Sniffer".  What that amounts to is disabling the transmit portion of an AUI
port.  Sounds like you'll need a transceiver to convert from Ethernet to AUI
though.  Good luck.
Jeff.

-----Original Message-----
From: Rory [mailto:nazgul () csn ul ie] 
Sent: Wednesday, February 12, 2003 1:14 PM
To: Naman Latif
Cc: security-basics () securityfocus com
Subject: Re: Read Only Ethernet Cable


I'm assuming here by the information you've given so if I'm wrong please
correct me. You want to make a cable that allows the traffic to go in one
direction. The idea being that your Snort box does not send information just
receives it. I don't think you can do this with a special cable as Ethernet
needs to be able to send acks back to let the sending side know that it
received that data. So you will need to do this at OS level not with a
special cable. If you were to do what you were suggesting the sending box
would send only the number of packets in the TCP window and that would be it
(it may resend them but in the end it will just be a small set of
information). You will need to do this with chain rules.

If my assumptions were totally wrong sorry.

cheers,
Rory

On Tue, 11 Feb 2003, Naman Latif wrote:

Hi,
Can anyone tell me how to make a Read-Only Ethernet Cable to be used 
with Snort\Sniffer

Is this correct?

LAN           Snort\Switch
1          1
2          2
3----------3
4
5
6----------6
7
8

Then on both sides, connect 1&2 to each other?

\\ Naman
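
An added example, not part of the thread or written by any of its posters: one way to approximate the receive-only Snort port at OS level, plus a check that the port really sent nothing. It assumes Linux with iproute2 and iptables/ip6tables; the interface name `eth1`, the function names and the sample counters are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes Linux with iproute2 and
# iptables/ip6tables; the sensor interface name (e.g. eth1) is hypothetical.

# Software approximation of a receive-only sniffer port (run as root).
make_passive() {
    ip addr flush dev "$1"                # no IP address on the sensor port
    ip link set dev "$1" arp off          # never send ARP requests or replies
    ip link set dev "$1" promisc on up    # accept every frame seen on the wire
    iptables  -A OUTPUT -o "$1" -j DROP   # drop locally generated IPv4 packets
    ip6tables -A OUTPUT -o "$1" -j DROP   # same for IPv6
}

# Print the TX packet counter of interface $1 from a /proc/net/dev-format
# file $2 (default: the live /proc/net/dev). Returns 1 if $1 is not listed.
tx_packets() {
    awk -v ifc="$1" '
        NR > 2 {                          # first two lines are column headers
            sub(/^[ \t]+/, "")
            split($0, parts, ":")
            if (parts[1] == ifc) {
                split(parts[2], f, " ")   # f[1..8] = RX, f[9..16] = TX
                print f[10]               # f[10] = TX packets
                found = 1
            }
        }
        END { exit !found }
    ' "${2:-/proc/net/dev}"
}

# Succeed only if $1 sent nothing between snapshot files $2 and $3.
stayed_silent() {
    before=$(tx_packets "$1" "$2") || return 2
    after=$(tx_packets "$1" "$3") || return 2
    [ "$before" -eq "$after" ]
}

# Constructed /proc/net/dev sample; $1 is the TX packet count for eth1.
sample_snapshot() {
    cat <<EOF
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:    4200      42    0    0    0     0          0         0     4200      42    0    0    0     0       0          0
  eth1: 9876543   12345    0    0    0     0          0         0 $(( $1 * 64 )) $1    0    0    0     0       0          0
EOF
}
```

Copy `/proc/net/dev` before and after a capture session and run `stayed_silent eth1 before after`; the counter check also catches frames that bypass the OUTPUT chain, such as those sent through raw packet sockets. Unlike a cable with no transmit pair, these settings are enforced only by the sensor's own OS.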



