Re: Sniffing on a switch

From: Dave Bush (hockeystatman_at_gmail.com)
Date: 10/29/05

  • Next message: Jarmon, Don R: "RE: Vuln Scanner" 
    Date: Sat, 29 Oct 2005 09:11:50 -0400
To: pen-test@securityfocus.com

    On 10/27/05, Andy Meyers <andy.meyers@hushmail.com> wrote:
    > Now i know people say you "cant" sniff on a switch and I know about ARP
    > poisoning and MAC flooding. But there has to be another way. I have heard
    > too many stories about "he sniffed my AIM conversation on a Cisco switch"
    > (an example is in the most recent version of 2600). Does anyone know of any
    > technique how to do this? Can you ARP poison a switch?

    I've heard of the techniques used by DSNIFF, but have never tried it.

    If you've got admin privs on a switch (either authorized or
    unauthorized) you can span a port so that two get the same traffic.

    ie: Make port 7/23 (your port) the same as port 7/9 (the port you want
    to sniff).

    Have done this to monitor systems before. Works like a charm! 

    --
Dave Bush <hockeystatman@gmail.com>
There are two seasons in my world - Hockey and Construction
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 
Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
  • Next message: Jarmon, Don R: "RE: Vuln Scanner"

    Relevant Pages

    • Re: Sniffing on a switch
      ... > poisoning and MAC flooding. ... You then can port ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Cross site scripting and other web attacks before hackers do! ...
      (Pen-Test)
    • Re: Sniffing on a switch
      ... > poisoning and MAC flooding. ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Cross site scripting and other web attacks before hackers do! ...
      (Pen-Test)
    • Re: Mac vulnerability to be unvailed today
      ... A computer security researcher has discovered a new way to inject hostile code directly into the memory of machines running Apple's OS X operating system, a technique that makes it significantly harder for investigators to detect Mac attacks using today's forensics practices. ...
      (comp.sys.mac.advocacy)
    • Re: Solution (#005)
      ... per round, and the *second* attack is poisoned. ... It got in attacks because you were praying. ... So perhaps there was some reason why the unicorn was staying in your ... making death by food poisoning more imminent. ...
      (rec.games.roguelike.nethack)
    • Re: Identifying whether 2 IPs are from the same server
      ... "A Technique for Counting NATted Hosts ... login pages, dynamic content etc. Firewalls, SSL and locked-down servers are ... Cross site scripting and other web attacks before hackers do! ...
      (Pen-Test)