Security Basics mailing list archives
Re: Caching a sniffer
From: "aruna" <arunah () slt lk>
Date: Sat, 27 Mar 2004 11:00:02 +0600
Hi, Appreciate to know the tools / methods available to sniff packets in a switched environment. The issue is that there is NO span port , how could this being done. aruna ----- Original Message ----- From: "Nero, Nick" <Nick.Nero () disney com> To: <gillettdavid () fhda edu>; "Andrew Shore" <andrew.shore () holistecs com> Cc: <security-basics () securityfocus com> Sent: Friday, March 26, 2004 2:47 AM Subject: RE: Caching a sniffer
Great article covering about everything you can do on Layer2 . .. http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns128/networking_sol utions_white_paper09186a008014870f.shtml -----Original Message----- From: David Gillett [mailto:gillettdavid () fhda edu] Sent: Thursday, March 25, 2004 11:21 AM To: 'Andrew Shore' Cc: security-basics () securityfocus com Subject: RE: Caching a snifferA switch is not a hub/router. In fact it is a micro segmented bridge. A switch operates at layer 2 of the OSI model ie MAC address layer.Amen, brother.Therefore if someone has plugged a scanner into a network point they will not be able to sniff any useful information from the network unless that person has admin access to the switch. You can check this by ensuring that none of the ports on the switches are in span modeWhile you need admin access to set up a span port, Shawn and I have alluded to two different techniques which can allow non-admin users to sniff traffic on a switched network. It's true that neither of these is quite "normal behaviour" -- they involve using special tools to modify the behaviour of hosts or switches. But the tools exist and are readily available, and so the issue that confronts admins is how to detect and/or frustrate their use. David Gillett --------------------------------------------------------------------------
-
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or
less
to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the
skills
of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html --------------------------------------------------------------------------
--
--------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- RE: Caching a sniffer, (continued)
- RE: Caching a sniffer David Gillett (Mar 26)
- RE: Caching a sniffer Shawn Jackson (Mar 25)
- RE: Caching a sniffer David Gillett (Mar 25)
- RE: Caching a sniffer Shawn Jackson (Mar 25)
- RE: Caching a sniffer Andrew Shore (Mar 25)
- RE: Caching a sniffer Shawn Jackson (Mar 25)
- RE: Caching a sniffer David Gillett (Mar 26)
- RE: Caching a sniffer Shawn Jackson (Mar 26)
- RE: Caching a sniffer Shawn Jackson (Mar 26)
- RE: Caching a sniffer Nero, Nick (Mar 26)
- Re: Caching a sniffer aruna (Mar 29)
- Re: Caching a sniffer Mitchell Rowton (Mar 30)