RE: Caching a sniffer

From: David Gillett (gillettdavid_at_fhda.edu)
Date: 03/23/04

  • Next message: Khaled: "RE: Recommending an IDS system"
    To: "'Shawn Jackson'" <sjackson@horizonusa.com>
    Date: Tue, 23 Mar 2004 10:12:27 -0800
    
    

      I'm aware of SPAN, of course. I use it routinely to *enable*
    sniffing, not PREVENT it. (I took "Caching" to be an obvious
    misspelling of "Catching" -- was that my mistake?)

      What I don't see is how it can be described as "disable all it's
    port to allow promiscuous mode across the network", which sounds
    like maybe it means a switch command to either prevent client
    devices from going into promiscuous mode, or shut down the switch
    ports of clients who do. If such a command existed, it would be
    a great way to prevent users from sniffing each other's traffic,
    but I don't believe it does.

    David Gillett

    > -----Original Message-----
    > From: Shawn Jackson [mailto:sjackson@horizonusa.com]
    > Sent: Tuesday, March 23, 2004 9:49 AM
    > To: gillettdavid@fhda.edu; ksaenz@spinaweb.com.au
    > Cc: security-basics@securityfocus.com
    > Subject: RE: Caching a sniffer
    >
    >
    > >Could you, for instance, give the Cisco command(s) which do
    > what you're
    >
    > >trying to describe?
    >
    > It's called Port Mirroring or SPAN.
    > http://www.cisco.com/warp/public/473/41.html.
    >
    > Almost all (good) switches have that functionality, you just need to
    > find it.
    >
    > CAT1900 Example
    > http://www.effetech.com/help/cisco-span.htm
    >
    >
    > Shawn Jackson
    > Systems Administrator
    > Horizon USA
    > 1190 Trademark Dr #107
    > Reno NV 89521
    >
    > www.horizonusa.com
    > Email: sjackson@horizonusa.com
    > Phone: (775) 858-2338
    > (800) 325-1199 x338
    >

    ---------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ----------------------------------------------------------------------------


  • Next message: Khaled: "RE: Recommending an IDS system"

    Relevant Pages

    • RE: SPAN Port
      ... It all depends on the switch you're using. ... SPAN session are the source and destination/monitor ports. ... Subject: SPAN Port ... Planning, Computer Emergency Response Teams, and Digital Investigations. ...
      (Security-Basics)
    • RE: Sniffing a Switched Network
      ... Subject: Sniffing a Switched Network ... And Cabletron/Enterasys calls it "Port Redirect". ... and your mail server is in port 12 on your switch. ...
      (Security-Basics)
    • RE: Sniffing a Switched Network
      ... Subject: Sniffing a Switched Network ... The best way to sniff a network on a switch is to span the port you want to ...
      (Security-Basics)
    • RE: Sniffing a Switched Network
      ... Subject: Sniffing a Switched Network ... Well, because of the way switches work, only traffic bound to/from the port ... which echoes everything to every port, whereas a switch keeps a MAC address ...
      (Security-Basics)
    • RE: Sniffing a Switched Network
      ... Subject: Sniffing a Switched Network ... A switch operates at layer 2, and sorts traffic based on destination MAC ... knows which port that host lives on, only that host will get the traffic. ...
      (Security-Basics)