Security Basics mailing list archives
Re: Caching a sniffer
From: Patrick Toomey <ptoomey3 () mac com>
Date: Tue, 23 Mar 2004 20:59:46 -0500
I haven't been following the complete thread, but scratched my head after reading the recommendation on port mirroring. It was my understanding that port mirroring was introduced because of the inherent differences between a switched environment and a hub environment. Switches by default don't let any one port listen to all traffic (unlike a hub where all users have this ability), and thus there was a need on managed switches for administrators to selectively allow certain ports to act as though they were on a hub, to place an passive IDS, or to debug general network traffic. If someone is running a sniffer on your switched network and has the ability to login to your switch, enable port mirroring, and sniff data, you have much bigger problems than just having a rogue sniffer on the network.
On Mar 23, 2004, at 12:49 PM, Shawn Jackson wrote:
Could you, for instance, give the Cisco command(s) which do what you'retrying to describe?It's called Port Mirroring or SPAN. http://www.cisco.com/warp/public/473/41.html. Almost all (good) switches have that functionality, you just need to find it. CAT1900 Example http://www.effetech.com/help/cisco-span.htm Shawn Jackson Systems Administrator Horizon USA 1190 Trademark Dr #107 Reno NV 89521 www.horizonusa.com Email: sjackson () horizonusa com Phone: (775) 858-2338 (800) 325-1199 x338----------------------------------------------------------------------- ---- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization.Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html----------------------------------------------------------------------- -----
---------------------------------------------------------------------------Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
Current thread:
- [Full-Disclosure] Caching a sniffer; Re:, (continued)
- [Full-Disclosure] Caching a sniffer; Re: Eric LeBlanc (Mar 11)
- [Full-Disclosure] Caching a sniffer; Re: Kenton Smith (Mar 11)
- Re: Caching a sniffer Bob Radvanovsky (Mar 11)
- Re: Caching a sniffer Fernando Gont (Mar 17)
- Re: Caching a sniffer ksaenz (Mar 22)
- RE: Caching a sniffer David Gillett (Mar 23)
- Re: Caching a sniffer Fernando Gont (Mar 24)
- Re: Caching a sniffer ksaenz (Mar 22)
- RE: Caching a sniffer Chris Merkel (Mar 11)
- RE: Caching a sniffer Shawn Jackson (Mar 23)
- RE: Caching a sniffer David Gillett (Mar 24)
- Re: Caching a sniffer Patrick Toomey (Mar 24)
- RE: Caching a sniffer Shawn Jackson (Mar 24)
- RE: Caching a sniffer Burton M. Strauss III (Mar 25)
- RE: Caching a sniffer Fernando Gont (Mar 25)
- RE: Caching a sniffer Shawn Jackson (Mar 24)
- RE: Caching a sniffer David Gillett (Mar 24)
- RE: Caching a sniffer Fernando Gont (Mar 25)
- RE: Caching a sniffer David Gillett (Mar 25)
- RE: Caching a sniffer David Gillett (Mar 24)
- RE: Caching a sniffer Fernando Gont (Mar 25)
- RE: Caching a sniffer Shawn Jackson (Mar 25)
- RE: Caching a sniffer David Gillett (Mar 25)