RE: Read Only Ethernet Cable

["David Gillett" <gillettdavid () fhda edu>]

> I'm assuming here by the information you've given so if I'm 
> wrong please correct me. You want to make a cable that allows 
> the traffic to go in one direction. the idea being that your 
> snort box does not send information just receives it. I don't 
> think you can do this with a special cable as ethernet need to 
> be able to send acks back to let the sending side know that it 
> received that data.

  This would be true ONLY if the snort box were the intended 
destination of the traffic.  BUT IT'S NOT!
  The snort box just wants to sniff traffic passing by it, 
between other endpoints.  As long as the endpoints can 
acknowledge each other, the traffic will flow.
  On a "repeated segment" (hub or mirrored switch port), the
traffic will be visible at the snort box's NIC, and can be seen
as long as the NIC is in promiscuous mode.  The read-only cable
ensures that nothing on the snort box will give itself away by
sending on this segment, so

(a) full duplex still works without fear of collisions, and

(b) techniques for detecting sniffers will fail.

  The question is:  Is the wiring diagram correct?

  It looks about right to me, but I don't have a spec handy to
check it against.

David Gillett