Re: Sniffing in switched network

From: hallx@mail.com
Date: 01/31/03

    Date: 31 Jan 2003 19:19:45 -0000
    From: <hallx@mail.com>
    To: security-basics@securityfocus.com
    
    
    In-Reply-To: <2A087C64E426484C8F36B69FF2B7176D0138FC85@MBXSRV01.stf.nus.edu.sg>

    I think you are asking how to sniff a switched network, because the ARP
    table stays in the switch, so the packets will never come to your machine.
    Or not? In a hub network the broadcast goes to all machines...
    If I understand the problem (I think), you will need to change the remote
    ARP tables on the switch. So you will need Arpoison.
    Then you'll finally be able to use dsniff or another great sniffer.

    >Subject: RE: Sniffing in switched network
    >Date: Fri, 31 Jan 2003 09:24:19 +0800
    >From: "Lim Meng Koon" <ccelimmk@nus.edu.sg>
    >To: <nork@gazeta.pl>, <security-basics@securityfocus.com>
    >
    >have you checked out dsniff?
    >
    >-----Original Message-----
    >From: nork@gazeta.pl [mailto:nork@gazeta.pl]
    >Sent: Thursday, January 30, 2003 8:52 PM
    >To: security-basics@securityfocus.com
    >Subject: Sniffing in switched network
    >
    >Hello,
    >
    >I've read through some documentation about sniffing the
    >switched network. There are some arp-cache methods to
    >discover a sniffing host (switched or "normal" network
    >is not important here I think), if it is the switched
    >network will I get the result I want, or first I have
    >to become a sniffer also (i.e. arp-poison the switch
    >cache) - to get the responses that will tell me who is
    >the sniffer?
    >
    >Most documentation I read is somewhat old (2 years), is
    >everything already well known and described in this
    >subject or are there any running projects?
    >
    >Thanks for help,
    >
    >Norbert
    >


