Snort mailing list archives

Re: OT-Read Only Network cables


From: Frank Knobbe <fknobbe () knobbeits com>
Date: 24 Jun 2003 14:33:54 -0500

On Tue, 2003-06-24 at 13:43, Mike Feetham wrote:
> I have seen a reference or two in this list about read-only network
> cables.  Does anyone have a website or other documentation on how to
> make them?  Is it just a matter of snipping the send pair on a cat5?
> I'm putting together some IDS boxes for a couple of companies that are
> too cheap/can't afford taps.

If you are referring to the cable pin-out in the Snort FAQ:
I never created instructions (although I wanted to make a movie on how
to crimp one at one time... just never found the time), except for some 
lines in email and what pin goes where (basically describing the pin-out
in words). But I have a couple images that offer a clue:
  http://www.snortsam.net/1.jpg (Sniffer side)
  http://www.snortsam.net/2.jpg (LAN side)
  http://www.snortsam.net/3.jpg (LAN side) 

There is also a diagram somewhere for a cable with a capacitor. My cable
doesn't have that, instead it loops the output back into input which
confuses the hell out of switches. Works great on a hub though. Anyhow,
from the picture you can guess how to make it. Getting two leads into one
hole requires a bit of patience but it's not too bad. Just strip the
wire as you can see in the image.

(That said, it only works on solid wire, not stranded :)

Hope this helps,
Frank


