Snort mailing list archives
Re: Re: Wiring a "read only" cable (Joe Pampel)
From: "Chris Schuler" <cschuler () columbus rr com>
Date: Thu, 29 Nov 2001 23:38:12 -0500
There are still ways to discover a NIC in promiscuous mode. L0pht makes such a program. Just becuast a NIC doesnt have an IP address doesnt mean ARPing cant reveal it. ----- Original Message ----- From: "Donal Graeme" <slivergun () techemail com> To: <snort-users () lists sourceforge net> Sent: Thursday, November 29, 2001 10:47 PM Subject: [Snort-users] Re: Wiring a "read only" cable (Joe Pampel)
My experience is that you can run a NIC in promiscuous mode without an IP
address, thus eliminating the need for the transmit wires to maintain any sort of link at all.
I have set up Snort to run on a NIC that is connected via a cable with
only the 2 receive wires active. I did only what Bill Cheswick in "Firewalls and Internet Security," and Steven Northcutt in "Network Intrusion Detection: An Analyst's handbook" suggest. I have this arrangement working on a P4 system running RedHat 7.1. It is exactly as you have described below. The key is to remember that a NIC need not have an address to be in promiscuous mode.
-----Original Message----- From: Joe Pampel [mailto:joe () ardsley com] Sent: Thursday, November 29, 2001 4:30 PM To: snort-users () lists sourceforge net; snort-users-request () lists sourceforge net Subject: [Snort-users] Re: Wiring a "read only" cable What am I missing here? Trying to make a read only 100Base-T cable for a sensor and it has 8 pins - 4 pairs. So far so good. www.silicondefense.com has a schematic showing 14 pins and cutting pins 3 and 10... Can you see my confusion? My understanding of this kind of connector is like this: from : http://yoda.uvi.edu/InfoTech/rj45.htm ----------------------------------------------------------------------- Pin Number Designations Color Codes for T568B Pin color pair name --- ----- ---- --------- 1 wh/or 2 TxData + 2 or 2 TxData - 3 wh/grn 3 RecvData+ 4 blu 1 5 wh/blu 1 6 grn 3 RecvData- 7 wh/brn 4 8 brn 4 ------------------------------------------------ This would indicate not crimping the Orange pair to pins 1 & 2. And of course if you're a wise-guy you put a splitter on the jack and plug an RJ-11 in and use the middle pair for a POTS line.. but anyhow... ;-) Anyone else run into this? ps: wiring sucks when you're color blind. :-) - Joe_____________________________________________________________ Are you a Techie? Get Your Free Tech Email Address Now! Visit
http://www.TechEmail.com
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: Wiring a "read only" cable (Joe Pampel) Donal Graeme (Nov 29)
- Re: Re: Wiring a "read only" cable (Joe Pampel) Chris Schuler (Nov 29)
- Re: Re: Wiring a "read only" cable (Joe Pampel) Josh Oshiro (Nov 30)
- Re: Re: Wiring a "read only" cable (Joe Pampel) Lists (Nov 30)
- Re: Re: Wiring a "read only" cable (Joe Pampel) Josh Oshiro (Nov 30)
- <Possible follow-ups>
- RE: Re: Wiring a "read only" cable (Joe Pampel) Flowers, Jay (Nov 30)
- RE: Re: Wiring a "read only" cable (Joe Pampel) Matt Kettler (Nov 30)
- RE: Re: Wiring a "read only" cable (Joe Pampel) Flowers, Jay (Nov 30)
- Re: Wiring a "read only" cable (Joe Pampel) Wynn Fenwick (Nov 30)
- RE: Re: Wiring a "read only" cable (Joe Pampel) Flowers, Jay (Dec 03)
- Re: Re: Wiring a "read only" cable (Joe Pampel) Chris Schuler (Nov 29)