Re: sniffer
From: Grzesiek (grzes@lanservice.com.pl)Date: 04/18/02
- Previous message: chris@nospam.com: "Re: sniffer"
- In reply to: chris@nospam.com: "Re: sniffer"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Grzesiek" <grzes@lanservice.com.pl> Date: Thu, 18 Apr 2002 09:43:24 +0200
Thanks for your advice,
but I should protct my network and my clients networks which are larger, and
I can't be there everyday.
Can I detect "flood" programs (large network traffic) ?
Is it possible to set some options in managed switch to protect (VLAN,
Spanning Tree) ?
Is any software to protect servers or workstations ?
Grzesiek
> There are a couple of approaches to sniffing in a switched
> environment. The first would be a managed switch which can monitor
> ports
>
> There are programs to flood the switch with bogus mac addresses,
> causing the switch table to overflow and flood all traffic to all
> ports.
>
> Another program can be used to put out bogus arp packets to redirect
> ip traffic from the proper mac address to your machine, which then
> forwards it to the proper mac address. Tricky, but can be done.
>
> There are programs out there to detect if a machine has it's nic in
> promiscious mode. Best bet would be to periodically run a sweep and
> penalize anyone caught running a sniffer.
>
> -Chris
- Next message: chris@nospam.com: "Re: sniffer"
- Previous message: chris@nospam.com: "Re: sniffer"
- In reply to: chris@nospam.com: "Re: sniffer"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
