Re: sniffer for ATM

From: Jose Nazario (jose@biocserver.BIOC.cwru.edu)
Date: 07/25/01


Date: Wed, 25 Jul 2001 11:54:55 -0400 (EDT)
From: Jose Nazario <jose@biocserver.BIOC.cwru.edu>
To: Burak DAYIOGLU <dayioglu@metu.edu.tr>
Subject: Re: sniffer for ATM
Message-ID: <Pine.LNX.4.30.0107251152360.20797-100000@biocserver.BIOC.CWRU.Edu>

On Wed, 25 Jul 2001, Burak DAYIOGLU wrote:

> An optical splitter to tap into a fiber cable carrying ATM will do
> good enough to have a copy of the beam. A *BSD workstation with BPF
> would do good enough to act as the optimum sniffer platform. I am
> willing to develop a customized sniffer software just because they
> lack certain functionality.

the issue is the way ATM works: its fully switched. you will only see
traffic that's designated to or from your ATM endpoint. we use hardware
sniffers that were designed for ATM traffic, which cost a good chunk of
money, actually.

> Does libpcap support ATM traffic? Are the above assumptions regarding
> traffic sniffing correct?

i've used pcap on a LANE network before. but i don't think i was able to
observe the raw ATM transmissions ... some subtle hacking, kernel changes
to keep the framing intact, and the proper decodes and you should be set.
worked for 802.11b after all.

____________________________
jose nazario jose@cwru.edu
                           PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)



Relevant Pages

  • Re: sniffer for ATM
    ... Subject: sniffer for ATM ... >> An optical splitter to tap into a fiber cable carrying ATM will do ... >> would do good enough to act as the optimum sniffer platform. ...
    (Focus-IDS)
  • RE: sniffer for ATM
    ... Subject: sniffer for ATM ... poisoning the arp tables on a switched Ethernet environment? ... you could do a sort of man in the middle attack to divert ...
    (Focus-IDS)
  • Re: sniffer for ATM
    ... Subject: sniffer for ATM ... > For some research-related project, ... > a way to sniff ana selectively record 34/155Mbps ...
    (Focus-IDS)