Re: Sniffing on a switch

From: Chris Mills (securinate_at_gmail.com)
Date: 10/29/05

  • Next message: Frederic Charpentier: "Re: Vuln Scanner"
    Date: Sat, 29 Oct 2005 10:26:54 -0400
    To: Andy Meyers <andy.meyers@hushmail.com>
    
    

    Andy-
    If you have configuration access the managed switch, set up port
    monitoring/mirror ports. That will take the traffic passing through
    specified interfaces and mirror it to a port you specify (Where your
    sniffer is set up). If it is an unmanaged switch, stick a hub between
    the switch and the next outbound hop. You won't see all the local <>
    local traffic that traverses the switch, but you will see inbound and
    outbound traffic.

    HTH,
    Chris

    On 10/27/05, Andy Meyers <andy.meyers@hushmail.com> wrote:
    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > Now i know people say you "cant" sniff on a switch and I know about ARP
    > poisoning and MAC flooding. But there has to be another way. I have heard
    > too many stories about "he sniffed my AIM conversation on a Cisco switch"
    > (an example is in the most recent version of 2600). Does anyone know of any
    > technique how to do this? Can you ARP poison a switch?
    >
    > Ashes
    > -----BEGIN PGP SIGNATURE-----
    > Note: This signature can be verified at https://www.hushtools.com/verify/
    > Version: Hush 2.4
    > Charset: UTF8
    >
    > wkYEARECAAYFAkNhkwYACgkQnZu7yPmLRpArTQCgp2JsbOSySZJ7XFvgy1sY4GcGntYA
    > oIwtV7CLTBjr5j2yW0v1In/Jm7Yv
    > =rigp
    > -----END PGP SIGNATURE-----
    >
    >
    > ------------------------------------------------------------------------------
    > Audit your website security with Acunetix Web Vulnerability Scanner:
    >
    > Hackers are concentrating their efforts on attacking applications on your
    > website. Up to 75% of cyber attacks are launched on shopping carts, forms,
    > login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
    > futile against web application hacking. Check your website for vulnerabilities
    > to SQL injection, Cross site scripting and other web attacks before hackers do!
    > Download Trial at:
    >
    > http://www.securityfocus.com/sponsor/pen-test_050831
    > -------------------------------------------------------------------------------
    >
    >

    ------------------------------------------------------------------------------
    Audit your website security with Acunetix Web Vulnerability Scanner:

    Hackers are concentrating their efforts on attacking applications on your
    website. Up to 75% of cyber attacks are launched on shopping carts, forms,
    login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
    futile against web application hacking. Check your website for vulnerabilities
    to SQL injection, Cross site scripting and other web attacks before hackers do!
    Download Trial at:

    http://www.securityfocus.com/sponsor/pen-test_050831
    -------------------------------------------------------------------------------


  • Next message: Frederic Charpentier: "Re: Vuln Scanner"

    Relevant Pages

    • RE: Sniffing on a switch
      ... below, usually called a /span or /mirror port, ... or even the entire traffic of a switch backplane. ... > Audit your website security with Acunetix Web Vulnerability Scanner: ... Up to 75% of cyber attacks are launched on shopping ...
      (Pen-Test)
    • Re: Sniffing on a switch
      ... Subject: AW: Sniffing on a switch ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Hackers are concentrating their efforts on attacking applications on your ... Up to 75% of cyber attacks are launched on shopping carts, forms, ...
      (Pen-Test)
    • Re: Scanning Class A network
      ... > Recently I was given a task to carry out a port scan of an entire valid ... > Audit your website security with Acunetix Web Vulnerability Scanner: ... Cross site scripting and other web attacks before hackers do! ...
      (Pen-Test)
    • Re: Pen test, tcp/1404 found - advice needed
      ... Mr seKurity Wizard next time try searching for the port number on the ... > Audit your website security with Acunetix Web Vulnerability Scanner: ... Cross site scripting and other web attacks before hackers do! ...
      (Pen-Test)
    • Re: Identification of a Mail Server
      ... Nmap can do more than tell you if a port is open it will also detect what service is running on that port if possible ... How can one identify a mail server behind a firewall, be it Exchange, ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Cross site scripting and other web attacks before hackers do! ...
      (Pen-Test)