Security Basics mailing list archives
RE: Caching a sniffer
From: Byron Copeland <nodialtone () comcast net>
Date: 25 Mar 2004 18:11:47 -0500
On Thu, 2004-03-25 at 14:19, Paul Blackstone wrote:
Or unless the person uses something like D-Sniff or one of the other similar tools. ;)

Paul

-----Original Message-----
From: Andrew Shore [mailto:andrew.shore () holistecs com]
Sent: Thursday, March 25, 2004 4:15 AM
To: Shawn Jackson; Patrick Toomey
Cc: security-basics () securityfocus com; ksaenz () spinaweb com au; gillettdavid () fhda edu
Subject: RE: Caching a sniffer

A switch is not a hub/router. In fact it is a micro segmented bridge. A switch operates at layer 2 of the OSI model, i.e. MAC address layer. If a device is plugged into a switch port it will only see traffic sent to it (and broadcasts); it will not be able to see all the traffic on the network, i.e. between other PCs and the servers.
I'm sorry, I would have to completely disagree with that last statement. A nice little utility called "ettercap" will sniff all connections whether it be router or switch or hub. It has a lot of other nice features as well, like packet injection, kill connections, and will collect passwords, SSH1, HTTPS, etc. Not hard to find, just google for ettercap.

http://ettercap.sourceforge.net/

-b
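Added example, not part of the original post: tools of the kind named in this thread typically intercept traffic on a switch by poisoning ARP caches, which shows up on an affected host as an IP-to-MAC binding that changes or a MAC that answers for several IPs. The sketch below checks two `arp -an` style snapshots for both signs; the snapshot text, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample data: two `arp -an` style snapshots taken a minute apart
# on one host. Addresses and MACs are made up for illustration.
BEFORE = """\
? (192.168.1.1) at 00:11:22:33:44:01 [ether] on eth0
? (192.168.1.10) at 00:11:22:33:44:10 [ether] on eth0
? (192.168.1.66) at 00:11:22:33:44:66 [ether] on eth0
"""
AFTER = """\
? (192.168.1.1) at 00:11:22:33:44:66 [ether] on eth0
? (192.168.1.10) at 00:11:22:33:44:10 [ether] on eth0
? (192.168.1.66) at 00:11:22:33:44:66 [ether] on eth0
? (192.168.1.20) at <incomplete> on eth0
"""

ENTRY = re.compile(r"\((\d+(?:\.\d+){3})\) at ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b", re.I)

def parse_arp(text):
    """Return {ip: mac} for resolved entries; incomplete entries are skipped."""
    return {ip: mac.lower() for ip, mac in ENTRY.findall(text)}

def changed_bindings(before, after):
    """IPs whose MAC differs between snapshots: [(ip, old_mac, new_mac)]."""
    return sorted((ip, before[ip], mac) for ip, mac in after.items()
                  if ip in before and before[ip] != mac)

def shared_macs(table):
    """MACs answering for more than one IP: {mac: [ips]}."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def report(before_text, after_text):
    """Compare two snapshots and return both kinds of finding."""
    before, after = parse_arp(before_text), parse_arp(after_text)
    return {"changed": changed_bindings(before, after),
            "shared": shared_macs(after)}

if __name__ == "__main__":
    for kind, hits in report(BEFORE, AFTER).items():
        print(kind, hits)
```

A hit is a lead rather than proof: a replaced NIC, a failover pair or proxy ARP produces the same pattern, so confirm against the switch's own MAC table and the known gateway address.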