RE: Caching a sniffer

From: David Gillett (
Date: 03/23/04

  • Next message: Khaled: "RE: Recommending an IDS system"
    To: "'Shawn Jackson'" <>
    Date: Tue, 23 Mar 2004 10:12:27 -0800

      I'm aware of SPAN, of course. I use it routinely to *enable*
    sniffing, not PREVENT it. (I took "Caching" to be an obvious
    misspelling of "Catching" -- was that my mistake?)

      What I don't see is how it can be described as "disable all it's
    port to allow promiscuous mode across the network", which sounds
    like maybe it means a switch command to either prevent client
    devices from going into promiscuous mode, or shut down the switch
    ports of clients who do. If such a command existed, it would be
    a great way to prevent users from sniffing each other's traffic,
    but I don't believe it does.

    David Gillett

    > -----Original Message-----
    > From: Shawn Jackson []
    > Sent: Tuesday, March 23, 2004 9:49 AM
    > To:;
    > Cc:
    > Subject: RE: Caching a sniffer
    > >Could you, for instance, give the Cisco command(s) which do
    > what you're
    > >trying to describe?
    > It's called Port Mirroring or SPAN.
    > Almost all (good) switches have that functionality, you just need to
    > find it.
    > CAT1900 Example
    > Shawn Jackson
    > Systems Administrator
    > Horizon USA
    > 1190 Trademark Dr #107
    > Reno NV 89521
    > Email:
    > Phone: (775) 858-2338
    > (800) 325-1199 x338

    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:

  • Next message: Khaled: "RE: Recommending an IDS system"