RE: Sniffing

From: Timothy Donahue (tdonahue_at_Haynes-Group.com)
Date: 12/15/03

    Date: Mon, 15 Dec 2003 14:04:24 -0500
    To: "Shah H (Comp)" <03004309@glam.ac.uk>, <security-basics@securityfocus.com>
    
    

    Inline.

    > From: Shah H (Comp) [mailto:03004309@glam.ac.uk]
    >
    > I'm not an expert in the Security Arena like many of the guys on this
    > group & wanted some information about Sniffer Programs solely for
    > education purpose.
    >
    > 1) On a Switched Network can Sniffers capture Network Traffic only for
    > the switch it is connected to switch or for all the switches on the
    > network?

    None of the above. Sniffers on a switched network can only capture
    information destined for the MAC address of the NIC attached to the
    switch. Only traffic for that MAC will be delivered.

    On more advanced switches, i.e. managed switches from Cisco or HP, you can
    assign a "span port" that will allow you to mirror the traffic from one
    port to another. This would allow you to sniff the traffic destined for
    that port.

    There are some sniffers which claim to be able to defeat this by using
    ARP storms, but they are extremely dangerous applications. They can
    lead to DoS situations, and bring normally fast networks to their knees.
    (Many companies also list unauthorized sniffing as an offense that an
    employee can be terminated for.)

    >
    > 2) Can Sniffing be detected using a Network Intrusion Detection System
    > and if yes then are there any Sniffing ways which are not detected by
    > NDIS?

    A correctly configured passive sniffer, no, probably not. But you never
    know.

    Tim Donahue
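
Added example, not part of the original message: unlike a passive sniffer, the ARP-storm approach mentioned above puts frames on the wire, so a monitor (for instance on a span port) can flag it. The sketch below checks ARP replies for an IP address changing owner and for a burst of replies from one MAC; the sample frames, thresholds and the `analyze` function are constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample: (seconds, sender MAC, sender IP) taken from ARP replies
# seen on a monitoring port. Addresses are documentation/test values.
SAMPLE = [
    (0.0, "00:11:22:33:44:01", "192.0.2.1"),    # gateway announces itself
    (1.0, "00:11:22:33:44:10", "192.0.2.10"),   # workstation
    (5.0, "00:11:22:33:44:66", "192.0.2.1"),    # another MAC claims the gateway IP
    (5.1, "00:11:22:33:44:66", "192.0.2.10"),
    (5.2, "00:11:22:33:44:66", "192.0.2.1"),
    (5.3, "00:11:22:33:44:66", "192.0.2.10"),
    (5.4, "00:11:22:33:44:66", "192.0.2.1"),
    (30.0, "00:11:22:33:44:10", "192.0.2.10"),  # real owner answers again
]

def analyze(frames, window=1.0, max_per_window=4):
    """Return (time, kind, detail) alerts for ARP anomalies.

    window and max_per_window are assumed thresholds; tune them per network.
    """
    ip_owner = {}                  # IP -> MAC that last claimed it
    recent = defaultdict(deque)    # MAC -> reply timestamps inside the window
    storming = set()               # MACs already reported for rate
    alerts = []
    for ts, mac, ip in frames:
        prev = ip_owner.get(ip)
        if prev is not None and prev != mac:
            alerts.append((ts, "binding-change", f"{ip} moved {prev} -> {mac}"))
        ip_owner[ip] = mac
        q = recent[mac]
        q.append(ts)
        while q and ts - q[0] > window:   # drop timestamps older than the window
            q.popleft()
        if len(q) > max_per_window and mac not in storming:
            storming.add(mac)
            alerts.append((ts, "arp-rate", f"{mac} sent {len(q)} replies in {window}s"))
    return alerts

if __name__ == "__main__":
    for alert in analyze(SAMPLE):
        print(alert)
```

A binding change on its own also happens when a DHCP lease moves to a new host, so treat it as a lead to correlate with the rate alert rather than as proof.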
