Security Basics mailing list archives
RE: Why can I see other traffic at switch environment just tcpdum p?
From: Chris Santerre <csanterre () MerchantsOverseas com>
Date: Mon, 21 Oct 2002 16:57:31 -0400
2 reasons off the top of my head: 1) Port your in is a SPAN port for some reason. 2) There is a way to flood a switch with data, forcing it to revert back to a hub. Thus allowing a hacker to map your net. If #2 is it, you may have other problems to research :) -----Original Message----- From: SB CH [mailto:chulmin2 () hotmail com] Sent: Tuesday, October 08, 2002 10:03 PM To: security-basics () securityfocus com Subject: Why can I see other traffic at switch environment just tcpdump? Hello, all I have operated linux server at switch environment, and just with tcpdump, I can see some other traffic whic is not related with me without any other tool or trick. it means that I can sniff traffic without special sniffing tool at the switch , right? is it possible? but it's ture. for example, # tcpdump port 80 15:03:42.681171 eth0 P 211.47.130.114.1131 > 211.47.1.55.www: S my system has no relations with 211.47.130.114 or 211.47.1.55. just switch connected together with 211.47.1.55. Thanks in advance. _________________________________________________________________ MSN Messenger¸¦ ´Ù¿î·ÎµåÇÏ¿© ¿Â¶óÀÎ»ó¿¡ Àִ ģ±¸¿Í ´ëȸ¦ ³ª´©¼¼¿ä. http://messenger.msn.co.kr
Current thread:
- RE: Why can I see other traffic at switch environment just tcpdum p? Chris Santerre (Oct 22)