Security Basics mailing list archives

RE: Why can I see other traffic at switch environment just tcpdump?


From: Chris Santerre <csanterre () MerchantsOverseas com>
Date: Mon, 21 Oct 2002 16:57:31 -0400

2 reasons off the top of my head:
1) Port you're in is a SPAN port for some reason.
2) There is a way to flood a switch with data, forcing it to revert back to
a hub. Thus allowing a hacker to map your net. 

If #2 is it, you may have other problems to research :)

-----Original Message-----
From: SB CH [mailto:chulmin2 () hotmail com]
Sent: Tuesday, October 08, 2002 10:03 PM
To: security-basics () securityfocus com
Subject: Why can I see other traffic at switch environment just tcpdump?


Hello, all

I have operated a Linux server in a switched environment,
and just with tcpdump, I can see some other traffic which is not related 
to me, without any other tool or trick.
 
It means that I can sniff traffic without a special sniffing tool at the 
switch, right? Is it possible?
But it's true.

for example, 

# tcpdump port 80
15:03:42.681171 eth0 P 211.47.130.114.1131 > 211.47.1.55.www: S 
my system has no relations with 211.47.130.114 or 211.47.1.55.
just switch connected together with 211.47.1.55.


Thanks in advance.
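
Added example, not part of the original thread: a small Python filter over tcpdump text output that counts unicast frames where neither endpoint is the capturing host, which is the symptom described in the question and which either cause named in the reply would produce. The local address 192.0.2.10, the function name, and every sample line except the one quoted from the post are constructed for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address

# "src[.port] > dst[.port]:" as tcpdump prints IPv4 flows (old and new formats).
FLOW = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3})(?:\.[\w-]+)? > "
    r"(\d{1,3}(?:\.\d{1,3}){3})(?:\.[\w-]+)?:"
)

# First line is the one quoted in the post; the rest are constructed samples.
SAMPLE = [
    "15:03:42.681171 eth0 P 211.47.130.114.1131 > 211.47.1.55.www: S",
    "15:03:42.700000 eth0 < 192.0.2.20.40000 > 192.0.2.10.ssh: S",
    "15:03:42.800000 eth0 B 192.0.2.30.netbios-ns > 192.0.2.255.netbios-ns: udp 50",
    "15:03:42.900000 eth0 M 192.0.2.1 > 224.0.0.1: igmp query",
]

def foreign_unicast(lines, local_ips, broadcast_ips=("255.255.255.255",)):
    """Count frames per (src, dst) where neither end is this host and the
    destination is unicast: frames a switch port should not normally receive."""
    local = {ip_address(ip) for ip in local_ips}
    bcast = {ip_address(ip) for ip in broadcast_ips}
    seen = Counter()
    for line in lines:
        m = FLOW.search(line)
        if not m:
            continue  # not an IPv4 flow line (ARP, STP, truncated output)
        try:
            src, dst = ip_address(m.group(1)), ip_address(m.group(2))
        except ValueError:
            continue  # digits that are not a valid IPv4 address
        if src in local or dst in local:
            continue  # our own traffic, expected on any port
        if dst.is_multicast or dst in bcast:
            continue  # switches flood these to every port by design
        seen[(str(src), str(dst))] += 1
    return seen

if __name__ == "__main__":
    hits = foreign_unicast(SAMPLE, ["192.0.2.10"],
                           ["255.255.255.255", "192.0.2.255"])
    for (src, dst), n in hits.most_common():
        print(f"{n:5d}  {src} -> {dst}")
```

Pass the subnet's directed broadcast address in `broadcast_ips`, otherwise ordinary broadcasts are counted as foreign unicast.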





