Security Basics mailing list archives
Re: sniffing in a switched network - a presentation on ARP spoofing
From: Manu Garg <manugarg () gmail com>
Date: Tue, 14 Jun 2005 15:16:16 -0400
Thanks for the comments Bill! Overflowing the switch's ARP table is easier, but it's more detectable, as it affects the whole network not just the machines in question. Anyways, I'll make it a point to mention it in the presentation. It needs some polishing for sure. cheers, ~manu On 6/14/05, Bill Nye <skinnay () gmail com> wrote:
since the paper assumes the reader doesnt know its possible to sniff a switched network, you could also mention it's usually possible (and easier) just to overflow the switch's arp table. On 6/13/05, Manu Garg <manugarg () gmail com> wrote:Many of us know that sniffing is possible in a shared i.e. non-switched ethernet environment. But only few of us know that sniffing is also possible in a switched ethernet environment. One of the reasons is that it's not that straighforward. But it's not impossible or difficult. You can use man in the middle technique like ARP spoofing to sniff in a switched environment. This presentation is an attempt to explain how can somebody sniff in a switched ethernet using ARP spoofing. Dsniff has existed for long as a tool for various sniffing activities. But recently, tools like EttercapNG have made it easier. Link to my original post and presentation - http://manugarg.freezope.org/2005/06/sniffing-in-switched-network-many-of.html cheers, -Manu _________ Manu Garg http://manugarg.freezope.org "Truth will set you free!"
-- Manu Garg http://manugarg.freezope.org "Truth will set you free!"
Current thread:
- sniffing in a switched network - a presentation on ARP spoofing Manu Garg (Jun 14)
- Message not available
- Re: sniffing in a switched network - a presentation on ARP spoofing Manu Garg (Jun 15)
- Message not available
- RE: sniffing in a switched network - a presentation on ARP spoofing Miguel Dilaj (Jun 15)
- <Possible follow-ups>
- RE: sniffing in a switched network - a presentation on ARP spoofing Shane Singh (Jun 15)