RE: Packet Sniffing in a Switched LAN

From: Robert D. Hughes (rob@robhughes.com)
Date: 10/27/01 

Subject: RE: Packet Sniffing  in a Switched LAN
Date: Fri, 26 Oct 2001 20:46:40 -0500
Message-ID: <B95B566BD245174196CA4EE29E581883092D20@HEXCH01.robhughes.com>
From: "Robert D. Hughes" <rob@robhughes.com>
To: "Jacques Chicourel Nunes Vaz - BA" <Jacques@telemar-ba.com.br>, <security-basics@securityfocus.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In a switched LAN, you can use any tool you'd like. A good one is
tcpdump, which is available for pretty much any platform. GUI front ends
are also available, and may make things a bit easier in the beginning,
as 200 nodes, especially if they're windows boxes, are going to make a
lot of noise.

The problem is, you're in a switched network. Unless your switches
either have a "monitor" port, or allow for port mirroring, you'll only
be able to see traffic to and from one node at a time, plus broadcast
traffic. I assume this is really what you're asking. The only other
option is to plug in a hub between one of the switches and the rest of
the LAN. This will allow you to see all traffic to and from that
segment.

Rob

- -----Original Message-----
From: Jacques Chicourel Nunes Vaz - BA
[mailto:Jacques@telemar-ba.com.br]
Sent: Thursday, October 25, 2001 12:33 PM
To: 'security-basics@securityfocus.com'
Subject: Packet Sniffing in a Switched LAN

Hi folks,
 
I have a Lan with 200 desktops and IŽd like to sniff it. What tool can I
use
to see all the packets ( going and coming ) ?
Any suggestions ?
 
Regards,
 
Jacques

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use

iQA/AwUBO9oSAOa2P6TrxG1EEQKobwCaAxI6BQgnGe4VvhC4WIyJD7aPdhMAoJPS
hUd9DTeqejho8m6xuDtrqvlu
=AWmf
-----END PGP SIGNATURE-----

Relevant Pages

  • RES: Packet Sniffing in a Switched LAN
    ... Subject: RES: Packet Sniffing in a Switched LAN ... Hi Folks, ... - we have many desktops without NAV ...
    (Security-Basics)
  • Re: Packet Sniffing in a Switched LAN
    ... Packet Sniffing in a Switched LAN ... How can i sniff packets trought a router or a switch? ... > If you receive this electronic mail in error, ...
    (Security-Basics)
  • RE: Packet Sniffing in a Switched LAN
    ... Packet Sniffing in a Switched LAN ... (Plus their support site is great!) ... If you receive this electronic mail in error, ...
    (Security-Basics)
  • Re: Packet Sniffing in a Switched LAN
    ... Packet Sniffing in a Switched LAN ... the software people mentioned here works great (ethereal, ettercap, ...
    (Security-Basics)
  • Re: Packet Sniffing in a Switched LAN
    ... If it isn't or doesn't provide port mirroring then you could take the ... a hub and then plug your ethereal box into that hub as well. ... Packet Sniffing in a Switched LAN ...
    (Security-Basics)