Re: Network sniffing on the wire - managed switches
- From: "Kurt Buff" <kurt.buff@xxxxxxxxx>
- Date: Mon, 29 Dec 2008 09:58:34 -0800
There's probably better ways of doing it now, but it used to be true
that you could flood the switch with MAC addresses, overwhelming the
arp table. This would have the effect of turning the switch into a
hub.
See this link, for one description:
http://www.watchguard.com/infocenter/editorial/135324.asp
On Fri, Dec 26, 2008 at 11:10 AM, Tom Yarrish <tom@xxxxxxxxxxx> wrote:
Hey all,
This may come off as somewhat of a newbie question, but it's one I've been
curious about.
When you are doing any sort of pen testing or sniffing on the wire, how do
you handle a managed switch scenario. If you're connected to a switch on
one port, how can you monitor the traffic on the the other ports if you're
not in a monitor mode? I've never understood how you can sniff traffic
other than the traffic from your machine to a destination.
Thanks ahead of time,
Tom
- Follow-Ups:
- Re: Network sniffing on the wire - managed switches
- From: ArcSighter Elite
- Re: Network sniffing on the wire - managed switches
- References:
- Network sniffing on the wire - managed switches
- From: Tom Yarrish
- Network sniffing on the wire - managed switches
- Prev by Date: Re: About Web hosting control panel : Windows vs Linux
- Next by Date: RE: Penetration testing books
- Previous by thread: Re: Network sniffing on the wire - managed switches
- Next by thread: Re: Network sniffing on the wire - managed switches
- Index(es):
Relevant Pages
|
