RE: Sniffing

From: Timothy Donahue (tdonahue_at_Haynes-Group.com)
Date: 12/15/03

Next message: Timothy Donahue: "RE: WinXP Admin login"

Previous message: Vedantam sekhar: "SPAM filter..."
Maybe in reply to: Shah H (Comp): "Sniffing"
Next in thread: H Carvey: "Re: Sniffing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 15 Dec 2003 14:04:24 -0500
To: "Shah H (Comp)" <03004309@glam.ac.uk>, <security-basics@securityfocus.com>

Inline.

> From: Shah H (Comp) [mailto:03004309@glam.ac.uk]
>
> I'm not an expert in the Security Arena like many of the guys on this
> group & wanted some information about Sniffer Programs solely for
> education purpose.
>
> 1) On a Switched Network can Sniffers capture Network Traffic only for
> the switch it is connected to switch or for all the switches on the
> network?

None of the above. Sniffers on a switched network can only capture
information destined for the MAC address of the NIC attached to the
switch. Only traffic for that MAC will be delivered.

On more advance switches, ie. Managed switches from Cisco or HP, you can
assign a "span port" that will allow you to mirror the traffic from one
port to another. This would allow you to sniff the traffic destined for
that port.

There are some sniffers which claim to be able to defeat this by using
arp storms, but they are extremely dangerious applications. They can
lead to DOS situations, and bring normally fast networks to their knees.
(Many companies also list unauthorized sniffing as an offense that an
employee can be terminated for.)

>
> 2) Can Sniffing be detected using a Network Intrusion Detection System
> and if yes then are there any Sniffing ways which are not detected by
> NDIS?

A correctly configured passive sniffer, no probably not. But you never
know.

Tim Donahue

---------------------------------------------------------------------------
----------------------------------------------------------------------------

Next message: Timothy Donahue: "RE: WinXP Admin login"

Previous message: Vedantam sekhar: "SPAM filter..."
Maybe in reply to: Shah H (Comp): "Sniffing"
Next in thread: H Carvey: "Re: Sniffing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Sniffing
... On a Switched Network can Sniffers capture Network Traffic only for ... the switch it is connected to switch or for all the switches on the ... Can Sniffing be detected using a Network Intrusion Detection System ...
(Security-Basics)
RE: [Full-disclosure] how to bypass rogue machine detection techn iques
... There are methods of configuring switches to have their default VLAN ... be an innocuous network that's boxed in and/or be prompted with a default ... how to bypass rogue machine detection ... > at the switch level. ...
(Full-Disclosure)
Re: sniffer
... >I am trying to secure my network against sniffers. ... >and he can still sniffing my network with any "linux" program. ... The first would be a managed switch which can monitor ... forwards it to the proper mac address. ...
(comp.os.ms-windows.nt.admin.security)
RE: IP address conflicts
... If you get a network vendor like Network Hardware Resale ... >> It's amazing how money will appear out of thin air if certain oxen get ... the switch you are suggesting I cannibalise uses the EtherToken ... When dealing with a bureaucracy I have found the most effective method is ...
(freebsd-questions)
Re: ConnectComputer Problem
... I'm a little confused by your network configuration. ... Switch2 --- SBS Server ... switch has internet access all the time, the second switch has the client ... NICs ...
(microsoft.public.windows.server.sbs)