-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

That is correct. However, you can fabricate a cable that will produce
this. I'm using it on my snort machines. It's basically a read-only
Ethernet cable. The only gotcha is that you can only use it on a hub,
not a switch. The reason is that the TX pair is looped to itself (pin
1 to pin 3 and pin 2 to pin 6 on the hub side, pin 1 to pin 2 on the
NIC side), and basically transmits the packets back to the
transmitting device. That cause some confusion on switches (MAC table
goes nuts), but it works like a charm on hubs. That loop provides the
link signal.

Email me off line if you like the pin out (or check the archives on
Security focus. I had posted that to several list some time ago).

Regards,
Frank

> -----Original Message-----
> From: Anthony D. Eaker [mailto:radu7PIPELINE.COM]
> Sent: Saturday, March 31, 2001 9:53 AM
>
> Clipping (or not connecting) the Tx wires on a 10/100Base-T (RJ45)
> connection won't work (if you've got one that does I'd be
> interested in
> knowing what make of NIC/Hub you are using!). The NIC/Hub on
> a 10/100Base-T
> connection need the Tx pair to send link-pulses to maintain a
> connection.
> You can, however, do this on an older NIC that uses an AUI
> interface by
> clipping the Tx pins on the transceiver. See section 3.6 of
> the following
> FAQ, which contains other very useful info on detecting
> packet-sniffers
> etc...

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8
Comment: PGP or S/MIME encrypted email preferred.

iQA/AwUBOspnR5ytSsEygtEFEQKEMACgjv0T9ib9Xq0IkmZIs7zy7h/Hhk0AoP92
K08eFokBiuez0R3zw8IMSoKd
=SGS1
-----END PGP SIGNATURE-----

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]