RE: Read Only Ethernet Cable

["John Canty" <John.Canty () Vibro-Meter com>]

I recently built something like this , it consists of a capacitor in
series with the solid brown wire, the impeadence of the cable itself
works as the resistor. I believe the rating on the capacitor is 10 pico
farads. The website I originally saw it on was out of hong kong, and has
since been shut down. Hope this helps

//John

-----Original Message-----
From: Rory [mailto:nazgul () csn ul ie] 
Sent: Wednesday, February 12, 2003 1:14 PM
To: Naman Latif
Cc: security-basics () securityfocus com
Subject: Re: Read Only Ethernet Cable

I'm assuming here by the information you've given so if i'm wrong please
correct me. You want to make a cable that allows the traffic to go in
one
direction. the idea being that your snort box does not send information
just receives it. I don't think you can do this with a special cable as
ethernet need to be able to send acks back to let the sending side know
that it received that data. So you will need to do this at OS level not
with a special cable. If you were to do what you were suggesting the
sending box would send only the number of packets in the TCP window and
that would be it (it mayt resend them but in the end it will just be a
small set of information ). you will need to do this with chain rules.

If my assumptions were totally wrong sorry.

cheers,
Rory

On Tue, 11 Feb 2003, Naman Latif wrote:

> Hi,
> Can anyone tell me how to make a Read-Only Ethernet Cable to be used
> with Snort\Sniffer
>
> IS this correct
>
> LAN           Snort\Switch
> 1          1
> 2          2
> 3----------3
> 4
> 5
> 6----------6
> 7
> 8
>
> Then on both sides, connect 1&2 to eachother ?
>
> \\ Naman