Security Basics mailing list archives

Re: Caching a sniffer


From: Patrick Toomey <ptoomey3 () mac com>
Date: Tue, 23 Mar 2004 20:59:46 -0500

I haven't been following the complete thread, but scratched my head after reading the recommendation on port mirroring. It was my understanding that port mirroring was introduced because of the inherent differences between a switched environment and a hub environment. Switches by default don't let any one port listen to all traffic (unlike a hub where all users have this ability), and thus there was a need on managed switches for administrators to selectively allow certain ports to act as though they were on a hub, to place a passive IDS, or to debug general network traffic. If someone is running a sniffer on your switched network and has the ability to log in to your switch, enable port mirroring, and sniff data, you have much bigger problems than just having a rogue sniffer on the network.

On Mar 23, 2004, at 12:49 PM, Shawn Jackson wrote:

Could you, for instance, give the Cisco command(s) which do what you're trying to describe?

It's called Port Mirroring or SPAN.
http://www.cisco.com/warp/public/473/41.html.

Almost all (good) switches have that functionality, you just need to
find it.

CAT1900 Example
http://www.effetech.com/help/cisco-span.htm


Shawn Jackson
Systems Administrator
Horizon USA
1190 Trademark Dr #107
Reno NV 89521

www.horizonusa.com
Email: sjackson () horizonusa com
Phone: (775) 858-2338
       (800) 325-1199 x338





