RE: Caching a sniffer

From: Shawn Jackson (sjackson_at_horizonusa.com)
Date: 03/24/04

    Date: Wed, 24 Mar 2004 08:24:45 -0800
    To: "Patrick Toomey" <ptoomey3@mac.com>
    
    

    >It was my understanding that port mirroring was introduced because of
    >the inherent differences between a switched environment and a hub
    >environment.

    Correct.

    >If someone is running a sniffer on your switched network and has the
    >ability to login to your switch, enable port mirroring, and sniff data,
    >you have much bigger problems than just having a rogue sniffer on the
    >network.

    Incorrect. A switch is basically a hub and router in one. You can flood
    the MAC address table of the switch, where it decides what port has what
    MACs on it so it knows what port to route the traffic to. Once the table
    is full, switches then 'turn-off' the routing/switching systems and the
    switch then becomes a hub. There is a program called macoff that does
    this. So you don't need to have access to the switch to sniff the entire
    network.

    Shawn Jackson
    Systems Administrator
    Horizon USA
    1190 Trademark Dr #107
    Reno NV 89521

    www.horizonusa.com
    Email: sjackson@horizonusa.com
    Phone: (775) 858-2338
           (800) 325-1199 x338
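
An added example, not part of the original message: a defender-side check for the MAC-table flooding condition the reply describes, flagging any switch port that shows too many distinct source MACs inside a sliding window. The event tuple format, port names, thresholds and sample observations are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

def flooded_ports(events, max_macs=8, window_ms=10_000):
    """Return {port: time of first alert} for every port that shows more than
    max_macs distinct source MACs inside any window_ms interval.
    events: (timestamp_ms, port, src_mac) tuples sorted by timestamp."""
    recent = defaultdict(deque)   # port -> (ts, mac) observations still in window
    live = defaultdict(dict)      # port -> {mac: observations still in window}
    alerts = {}
    for ts, port, mac in events:
        mac = mac.lower()
        q, seen = recent[port], live[port]
        q.append((ts, mac))
        seen[mac] = seen.get(mac, 0) + 1
        while ts - q[0][0] > window_ms:      # expire observations outside the window
            _, old = q.popleft()
            seen[old] -= 1
            if seen[old] == 0:
                del seen[old]
        if len(seen) > max_macs:
            alerts.setdefault(port, ts)      # keep only the first alert per port
    return alerts

def sample_events():
    """Constructed observations; ports and MAC addresses are made up."""
    ev = []
    for t in range(0, 30_000, 1_000):        # Gi0/1: PC plus phone, steady traffic
        ev.append((t, "Gi0/1", "00:11:22:33:44:55"))
        ev.append((t + 500, "Gi0/1", "00:11:22:33:44:66"))
    for i in range(20):                      # Gi0/3: 20 MACs, one new MAC every 2 s
        ev.append((i * 2_000, "Gi0/3", "00:aa:bb:cc:00:%02x" % i))
    for i in range(200):                     # Gi0/7: 200 new MACs within 2 s
        ev.append((12_000 + i * 10, "Gi0/7",
                   "02:00:00:00:%02x:%02x" % (i >> 8, i & 0xFF)))
    return sorted(ev)

if __name__ == "__main__":
    for port, ts in flooded_ports(sample_events()).items():
        print(f"{port}: more than 8 source MACs within 10 s, first seen at {ts} ms")
```

The same limit enforced on the switch itself is a per-port cap on learned addresses, so the port is restricted before the table fills rather than reported afterwards.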
