On Fri, 2002-10-04 at 13:47, Ben Nagy wrote: > This appears to be security urban myth. I (and others) have tried it. It > doesn't work. > > (The problem is that most network devices will not bring up layer 1, > because not all the wires are connected.) The RO Cable I use works like a charm, so don't be so quick writing it off as an urban legend. The only drawback is that you can only use it on a plain-old, dumb hub, since my cable fakes the 'missing link' by crossing the receive pair back to send. That will confuse the heck out of switches (MAC table blow-up), but works fine on a hub. In those cases the line you are monitoring can only be half-duplex. If you want to monitor full-duplex links, you need to use a switch and configure a monitor port (or use taps and pipe their output onto a switch with a monitor port). If you want a diagram for that cable, let me know (or just look at the Snort FAQ). Regards, Frank
This archive was generated by hypermail 2b30 : Fri Oct 04 2002 - 14:57:36 PDT