Sniffing a Switched Network
From: Michael R. White (michael.white@lmscae.com)Date: 09/05/01
- Previous message: Peter Smithen: "Keeping my NT Server Up to Date with Windows Update"
- Next in thread: Devdas Bhagat: "Re: Sniffing a Switched Network"
- Reply: Devdas Bhagat: "Re: Sniffing a Switched Network"
- Reply: Carsten Buchenau: "Re: Sniffing a Switched Network"
- Reply: Roy Kidder: "Re: Sniffing a Switched Network"
- Reply: d'Ambly, Jeff: "RE: Sniffing a Switched Network"
- Reply: Vachon, Scott: "RE: Sniffing a Switched Network"
- Reply: The Crocodile: "Re: Sniffing a Switched Network"
- Reply: Chris Eidem: "RE: Sniffing a Switched Network"
- Reply: Thiago Campos: "Re:Sniffing a Switched Network"
- Reply: Jason Lewis: "RE: Sniffing a Switched Network"
- Reply: Yahoo - CQRMail: "RE: Sniffing a Switched Network"
- Reply: Jake Gillen: "Re: Sniffing a Switched Network"
- Reply: John R. Morris: "RE: Sniffing a Switched Network"
- Reply: owentoby@WellsFargo.COM: "RE: Sniffing a Switched Network"
- Reply: centipede: "Re: Sniffing a Switched Network"
- Reply: Luis Figueiredo: "Re: Sniffing a Switched Network"
- Reply: surya: "Re: Sniffing a Switched Network"
- Reply: Johannes Segitz: "Re: Sniffing a Switched Network"
- Reply: Sven Martinek: "Re: Sniffing a Switched Network"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Michael R. White" <michael.white@lmscae.com> To: "Security-Basics" <security-basics@securityfocus.com>, "MICROSOFT_SECURITY" <MICROSOFT_SECURITY@ANNOUNCE.MICROSOFT.COM>, "Focus-Ms" <focus-ms@securityfocus.com> Subject: Sniffing a Switched Network Date: Wed, 5 Sep 2001 14:07:52 -0500 Message-ID: <NEBBKFNEMKHLMEOEHJPMGEGNDPAA.michael.white@lmscae.com>
I seem to be getting conflicting information about sniffing network traffic
on a switched network. I've been told by some that I should have no
difficulties sniffing all traffic on my switched network, but others say
unless you configure the monitoring on the switches I won't be able to sniff
all traffic. Can someone clarify, and possibly provide some resources?
I'm also interested in knowing what the best sniffers and best
implementations are. MS, Linux, Unix...doesn't matter, but interested in at
least one from each if possible. I've tried tcpdump on Redhat, but it
doesn't seem to provide all traffic information. I put a Win2K box and the
Redhat box on a hub with the Redhat box sniffing all traffic to and from
Win2k box. Upon pinging from and to the box, I get no results from tcpdump.
I am seeing some traffic like this line below:
12:51:51.999744 eth0 B 192.168.100.13.netbios-dgm >
192.168.100.255.netbios-dgm: NBT UDP (138)
but not much more than that.
Any help is greatly appreciated.
TIA,
Michael
- Previous message: Peter Smithen: "Keeping my NT Server Up to Date with Windows Update"
- Next in thread: Devdas Bhagat: "Re: Sniffing a Switched Network"
- Reply: Devdas Bhagat: "Re: Sniffing a Switched Network"
- Reply: Carsten Buchenau: "Re: Sniffing a Switched Network"
- Reply: Roy Kidder: "Re: Sniffing a Switched Network"
- Reply: d'Ambly, Jeff: "RE: Sniffing a Switched Network"
- Reply: Vachon, Scott: "RE: Sniffing a Switched Network"
- Reply: The Crocodile: "Re: Sniffing a Switched Network"
- Reply: Chris Eidem: "RE: Sniffing a Switched Network"
- Reply: Thiago Campos: "Re:Sniffing a Switched Network"
- Reply: Jason Lewis: "RE: Sniffing a Switched Network"
- Reply: Yahoo - CQRMail: "RE: Sniffing a Switched Network"
- Reply: Jake Gillen: "Re: Sniffing a Switched Network"
- Reply: John R. Morris: "RE: Sniffing a Switched Network"
- Reply: owentoby@WellsFargo.COM: "RE: Sniffing a Switched Network"
- Reply: centipede: "Re: Sniffing a Switched Network"
- Reply: Luis Figueiredo: "Re: Sniffing a Switched Network"
- Reply: surya: "Re: Sniffing a Switched Network"
- Reply: Johannes Segitz: "Re: Sniffing a Switched Network"
- Reply: Sven Martinek: "Re: Sniffing a Switched Network"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
