Re: Caching a sniffer

["aruna" <arunah () slt lk>]

Hi,

Appreciate to know the tools / methods available to sniff packets in a
switched environment.
The issue is that there is NO span port , how could this being done.

aruna
----- Original Message -----
From: "Nero, Nick" <Nick.Nero () disney com>
To: <gillettdavid () fhda edu>; "Andrew Shore" <andrew.shore () holistecs com>
Cc: <security-basics () securityfocus com>
Sent: Friday, March 26, 2004 2:47 AM
Subject: RE: Caching a sniffer


> Great article covering about everything you can do on Layer2 . ..
>
> http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns128/networking_sol
> utions_white_paper09186a008014870f.shtml
>
> -----Original Message-----
> From: David Gillett [mailto:gillettdavid () fhda edu]
> Sent: Thursday, March 25, 2004 11:21 AM
> To: 'Andrew Shore'
> Cc: security-basics () securityfocus com
> Subject: RE: Caching a sniffer
>
> > A switch is not a hub/router. In fact it is a micro segmented bridge.
> >
> > A switch operates at layer 2 of the OSI model ie MAC address layer.
>
>   Amen, brother.
>
> > Therefore if someone has plugged a scanner into a network point they
> > will not be able to sniff any useful information from the network
> > unless that person has admin access to the switch. You can check this
> > by ensuring that none of the ports on the switches are in span mode
>
>   While you need admin access to set up a span port, Shawn and I have
> alluded to two different techniques which can allow non-admin users to
> sniff traffic on a switched network.  It's true that neither of these is
> quite "normal behaviour" -- they involve using special tools to modify
> the behaviour of hosts or switches.  But the tools exist and are readily
> available, and so the issue that confronts admins is how to detect
> and/or frustrate their use.
>
> David Gillett
>
>
>
>
> --------------------------------------------------------------------------
-
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
> any course! All of our class sizes are guaranteed to be 10 students or
less
> to facilitate one-on-one interaction with one of our expert instructors.
> Attend a course taught by an expert instructor with years of in-the-field
> pen testing experience in our state of the art hacking lab. Master the
skills
> of an Ethical Hacker to better assess the security of your organization.
> Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> --------------------------------------------------------------------------
--
>


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------