Re: eth0 without ip

[Matt Kettler <mkettler () evi-inc com>]

Hmm, I'd not recommend trying to simply "cut the tx pair" with twisted pair 
ethernet (10 or 100mbit).

You won't get an ethernet link when doing so unless your hub is broken 
and/or badly designed. (then again, lots of hardware is in fact broken)

This mechanism does work when cutting the TX pin of an AUI connector however.

The snort FAQ has some documentation about how to properly make a receive 
only ethernet cable that should work for hubed 10mbit applications. (it's 
essentially a cut TX pair at the ethernet side, with feed-back from the 
ethernet's RX pair to the hub's RX.)

http://www.snort.org/docs/faq.html#3.1

100mbit or switched is trickier to do "real hardware receive only" cabling, 
you need to make a "denatured" cable that has the pairs mismatched. This 
winds up with a cable with the wrong impedance that works for the short 
link-check pattern, but fails for real packets. Or buy a commercial tapping 
device for it.

At 06:52 PM 2/3/2003 -0500, David Culp wrote:
> The best method is to cut the "transmit pair" on the cable
> from the "public" interface.
>
> David



-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users