Security Basics mailing list archives

RE: ethereal capture


From: "Hagen, Eric" <ehagen () DenverNewspaperAgency com>
Date: Thu, 18 Sep 2003 09:33:38 -0600

Sounds like you have your switch ports mirrored through that port. On a
Cisco, that's unlikely to be a "bug", but more likely a misconfiguration.

Eric Hagen

-----Original Message-----
From: Cat Thrasher [mailto:isd607 () co santa-cruz ca us]
Sent: Wednesday, September 17, 2003 5:18 PM
To: security-basics () securityfocus com
Subject: ethereal capture


Hi, Please advise on my question.
I thought when you are sniffing a switched segment, you are only seeing
broadcast traffic. I see source Workstation (not the one I am monitoring
on)--Dest Webserver inside on my network and protocol http. Please tell me
if this is usual.

I have ethereal on a laptop. I did a port monitor on a Cisco Switch and
captured traffic from one port. (so I thought) I thought I'd only see what
the workstation on port fast ethernet 0/38 was doing. But like I said
above, I see lots of http conversations and tcp conversations where the dest
port is not all F's, or 255's. And the source is not the workstation on the
port I am monitoring.

Thanks a lot.


Cat Thrasher

---------------------------------------------------------------------------
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
 - Precisely Define and Implement Network Security 
 - Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------
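
One way to check a capture for the symptom discussed in this thread, as an added example that is not part of the original messages: it reads a classic libpcap file and counts unicast frames in which neither end is the host on the mirrored port. The MAC addresses and the sample capture are constructed, and the function names are this example's own.

```python
import struct
from collections import Counter

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def read_pcap(data):
    """Yield Ethernet frames from a classic (microsecond) libpcap image."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    pos = 24                           # skip the 24-byte global header
    while pos + 16 <= len(data):
        incl_len = struct.unpack(end + "I", data[pos + 8:pos + 12])[0]
        frame = data[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) >= 14:           # need a full Ethernet header
            yield frame

def classify(frame, monitored):
    """Label a frame relative to the one host the mirror was meant to cover."""
    dst, src = mac(frame[0:6]), mac(frame[6:12])
    if dst == "ff:ff:ff:ff:ff:ff":
        return "broadcast"
    if frame[0] & 0x01:                # group bit set in destination MAC
        return "multicast"
    return "monitored" if monitored in (src, dst) else "foreign-unicast"

def triage(data, monitored):
    """Count frame classes and the (src, dst) pairs of foreign unicast."""
    counts, pairs = Counter(), Counter()
    for frame in read_pcap(data):
        kind = classify(frame, monitored)
        counts[kind] += 1
        if kind == "foreign-unicast":
            pairs[(mac(frame[6:12]), mac(frame[0:6]))] += 1
    return counts, pairs

# Constructed sample capture: locally administered MACs, not real hosts.
def _rec(dst, src):
    frame = bytes.fromhex(dst + src) + b"\x08\x00" + bytes(46)
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
MONITORED = "02:00:00:00:00:38"
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(
    _rec(d, s) for d, s in [("ffffffffffff", "020000000038"),
        ("020000000001", "020000000038"), ("020000000001", "020000000017"),
        ("020000000017", "020000000001"), ("020000000001", "020000000017"),
        ("01005e000001", "020000000017")])
```

A nonzero `foreign-unicast` count is consistent with a mirror source wider than the single port, as the reply suggests; the `pairs` counter shows which hosts are involved.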
