RE: [Full-Disclosure] Caching a sniffer

From: Kenton Smith (
Date: 03/11/04

  • Next message: Kenton Smith: "Re: [Full-Disclosure] Caching a sniffer"
    Date: Thu, 11 Mar 2004 11:01:19 -0700

    On Thu, 2004-03-11 at 10:43, Mike Fratto wrote:

    > Your assuming that the attacker 1) has control of the switch and 2) is
    > sniffing either the uplink or has configured the switch to mirror all the
    > switch ports or VLAN to the mirror port.
    > Neither of which may be the case.

    There are many people on this list who have more knowledge of this than
    I do, but having control of the switch isn't the only way to sniff a
    switched network. All you need is a way of spoofing ARP packets and you
    can intercept all the traffic you want. Here's one such set of tools -


    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:

    Full-Disclosure - We believe in it.

  • Next message: Kenton Smith: "Re: [Full-Disclosure] Caching a sniffer"