Re: switch jamming
From: Sebastian Jaenicke (tsa@jaenicke.org)Date: 01/30/02
- Previous message: Jan: "switch jamming"
- In reply to: Jan: "switch jamming"
- Next in thread: Todd Suiter: "Re: switch jamming"
- Next in thread: Securism: "Re: switch jamming"
- Reply: Todd Suiter: "Re: switch jamming"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 30 Jan 2002 23:13:14 +0100 From: Sebastian Jaenicke <tsa@jaenicke.org> To: vuln-dev@securityfocus.com
Hi,
On Wed, Jan 30, 2002 at 10:05:08PM +0000, Jan wrote:
[..]
> how can i sniff upon a switched network segment ? a read some articles about "switch jamming" and "port mirroring" but up to know i didn't learn anything special at all.
> ca some of your guys out there help me ? (i'm sure some of you can but are you willing, too ?)
>
This can be achieved by flooding the switch with spoofed ARP packets until
its internal MAC table is filled up - most switches will then revert to
"hub mode" and therefore broadcast all traffic to the network where it
can easily be sniffed.
http://www.sans.org/newlook/resources/IDFAQ/switched_network.htm should
give you some (more accurate?) information.
Sebastian
-- Sebastian Jaenicke whois pgpkey-18AC0BE4@whois.ripe.net|perl -ne's-^certif: +--&&print' "Object-oriented programming is an exceptionally bad idea which could only have originated in California." --Edsger Dijkstra
- application/pgp-signature attachment: stored
- Previous message: Jan: "switch jamming"
- In reply to: Jan: "switch jamming"
- Next in thread: Todd Suiter: "Re: switch jamming"
- Next in thread: Securism: "Re: switch jamming"
- Reply: Todd Suiter: "Re: switch jamming"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
