RE: arpspoofing
From: Lee Brotherston (lee.brotherston@uk.easynet.net)Date: 02/08/02
- Previous message: Mike Shaw: "compromising frame relay?"
- Maybe in reply to: Erlend J. Leiknes: "arpspoofing"
- Next in thread: Darrin.Wassom@spectrum-health.org: "RE: arpspoofing"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Lee Brotherston <lee.brotherston@uk.easynet.net> To: "'Erlend J. Leiknes'" <nookie@online.no>, pen-test@securityfocus.com Date: Fri, 8 Feb 2002 17:33:44 -0000
| Any other ways to sniff in a switched enviorment?
There are a couple of other ways to sniff traffic on a switched network
assuming you have physical access to network:
- Alot of switches these days have the option of configuring a mirror port.
This port get's duplicates of traffics from all other ports. So you can see
everything. This port does get the aggregate of the others remember, so it
will be high bandwidth.
- You could place a machine on the networks' uplink running in bridging
mode. Doing this you will only see traffic that is going over the uplink
however, as local traffic will be sent via the switch only, and will not
touch the uplink. And you have the downside of causing an outage when you
install/remove the machine.
Thanks
Lee
-- Lee Brotherston - IP Security Manager, Easynet Ltd http://www.easynet.net/ Phone: +44 20 7900 4444---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
- Previous message: Mike Shaw: "compromising frame relay?"
- Maybe in reply to: Erlend J. Leiknes: "arpspoofing"
- Next in thread: Darrin.Wassom@spectrum-health.org: "RE: arpspoofing"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
