RE: Caching a sniffer
From: Shawn Jackson (sjackson_at_horizonusa.com)
Date: 03/23/04
- Previous message: LordInfidel_at_directionweb.com: "RE: Moderator Policy re: Out-of-office responses"
- Maybe in reply to: Patricio Bruna V.: "Caching a sniffer"
- Next in thread: Burton M. Strauss III: "RE: Caching a sniffer"
- Reply: Burton M. Strauss III: "RE: Caching a sniffer"
- Reply: Fernando Gont: "RE: Caching a sniffer"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 23 Mar 2004 10:20:48 -0800 To: <gillettdavid@fhda.edu>
> If you have a decent network switch in your environment
> you can disable all it's port to allow promiscuous mode across the
> network.
From this text I got Port Mirroring, (SPAN). Now you can use MacOff
(or another MAC flooder) to overload the MAC table in a switch and turn
on promiscuous mode which will allow you to sniff the network.
>I'm aware of SPAN, of course. I use it routinely to *enable* sniffing,
>not PREVENT it. (I took "Caching" to be an obvious misspelling of
>"Catching" -- was that my mistake?)
No clue, I just caught the last part of this thread, detailed above. But
you're right, SPAN/Port Mirroring allows you to selective monitor a
ports
traffic by forwarding a real-time copy of that traffic to a monitor
port.
>What I don't see is how it can be described as "disable all it's
>port to allow promiscuous mode across the network", which sounds
>like maybe it means a switch command to either prevent client
>devices from going into promiscuous mode, or shut down the switch
>ports of clients who do. If such a command existed, it would be
>a great way to prevent users from sniffing each other's traffic,
>but I don't believe it does.
In essence if you flood the MAC table of a switch the switch will turn
into a hub, thus "disabling the switch component of the ports". You
could
argue that turning on SPAN/Port Mirroring is also disabling the 'switch'
part
of that concerned port.
To my knowledge, though not very extensive, I know of no command/system
in switches to detect a NIC/Adapter in promiscuous mode and disable the
port.
Shawn Jackson
Systems Administrator
Horizon USA
1190 Trademark Dr #107
Reno NV 89521
www.horizonusa.com
Email: sjackson@horizonusa.com
Phone: (775) 858-2338
(800) 325-1199 x338
---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
- Previous message: LordInfidel_at_directionweb.com: "RE: Moderator Policy re: Out-of-office responses"
- Maybe in reply to: Patricio Bruna V.: "Caching a sniffer"
- Next in thread: Burton M. Strauss III: "RE: Caching a sniffer"
- Reply: Burton M. Strauss III: "RE: Caching a sniffer"
- Reply: Fernando Gont: "RE: Caching a sniffer"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
