Security Basics mailing list archives

Re: Network sniffing on the wire - managed switches


From: Preston Connors <pconnors () atlantic net>
Date: Mon, 29 Dec 2008 11:52:48 -0500

Tom,

You can only monitor traffic that is present on your switched port. You
will not be able to monitor traffic on other switched ports if your port
is not set to monitor or hub mode. On underpowered and older switches
you may be able to flood the switch with bogus MAC addresses overflowing
the switch's MAC address table. When you overflow the MAC address table
the switch will usually go into hub mode which will then broadcast all
traffic out of all switch ports just like a hub would.  

On Fri, 2008-12-26 at 13:10 -0600, Tom Yarrish wrote:
Hey all,
This may come off as somewhat of a newbie question, but it's one I've  
been curious about.

When you are doing any sort of pen testing or sniffing on the wire,  
how do you handle a managed switch scenario?  If you're connected to a
switch on one port, how can you monitor the traffic on the other
ports if you're not in a monitor mode?  I've never understood how you  
can sniff traffic other than the traffic from your machine to a  
destination.

Thanks ahead of time,
Tom

-- 
Thank you,

Preston Connors
Network Support Technician
Atlantic.Net
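
Seen from the switch side, the table overflow described in the reply appears as a single port presenting an unusually large number of distinct source MAC addresses in a short time. The following is an added example, not part of the original message, that flags such a port from address-learning events; the event tuples, port names, window and threshold are constructed assumptions.

```python
from collections import defaultdict, deque

def build_sample():
    """Constructed events: (time in ms, switch port, learned source MAC)."""
    events = [(0, "Gi0/1", "00:11:22:33:44:55"),
              (2000, "Gi0/1", "00:11:22:33:44:55")]
    # Uplink that legitimately learns 60 hosts, one every 10 seconds.
    for i in range(60):
        events.append((i * 10_000, "Gi0/24", "00:aa:bb:cc:00:%02x" % i))
    # Access port that presents 300 distinct source MACs in 3 seconds.
    for i in range(300):
        events.append((10_000 + i * 10, "Gi0/7",
                       "02:00:00:00:%02x:%02x" % (i >> 8, i & 0xFF)))
    return events

def detect_mac_flood(events, window_ms=5000, max_macs=50):
    """Return {port: time of first alert} for every port that shows more than
    max_macs distinct source MACs inside any window_ms sliding window."""
    order = defaultdict(deque)   # port -> (first_seen, mac), oldest first
    active = defaultdict(set)    # port -> MACs currently inside the window
    alerts = {}
    for t, port, mac in sorted(events):
        q, macs = order[port], active[port]
        while q and t - q[0][0] > window_ms:   # expire old sightings
            macs.discard(q.popleft()[1])
        if mac not in macs:
            macs.add(mac)
            q.append((t, mac))
        if len(macs) > max_macs and port not in alerts:
            alerts[port] = t
    return alerts

if __name__ == "__main__":
    for port, t in detect_mac_flood(build_sample()).items():
        print(f"possible MAC flooding on {port} at t={t} ms")
```

A per-port limit on learned MAC addresses (port security) enforces the same bound on the switch itself.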

