RE: Network sniffing on the wire - managed switches

["Rui Pereira (WCG)" <wavefront1 () shaw ca>]

This works very well!! http://www.oxid.it/downloads/apr-intro.swf (ARP
Poison Routing). And take a look at the various MITM tools at
http://www2.packetstormsecurity.org/cgi-bin/search/search.cgi?searchvalue=mi
tm&type=archives and elsewhere. And although there are ways of protecting
against these kinds of attacks, such controls are seldom deployed.

Thank You
 
Rui Pereira,B.Sc.(Hons),CIPS ISP,CISSP,CISA,CWNA,CPTS/CPTE
Principal Consultant
WaveFront Consulting Group
 
wavefront1 () shaw ca | www.wavefrontcg.com | 1 604 961 0701
 

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Burton Strauss III
Sent: December 29, 2008 9:22 AM
To: security-basics () securityfocus com
Subject: RE: Network sniffing on the wire - managed switches

That's what mirror mode or span mode (different switch vendors call it
different things) does for you.

Or you need a physical tap (cost about $1K).

-----Burton

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Tom Yarrish
Sent: Friday, December 26, 2008 1:11 PM
To: security-basics () securityfocus com
Subject: Network sniffing on the wire - managed switches

Hey all,
This may come off as somewhat of a newbie question, but it's one I've  
been curious about.

When you are doing any sort of pen testing or sniffing on the wire,  
how do you handle a managed switch scenario.  If you're connected to a  
switch on one port, how can you monitor the traffic on the the other  
ports if you're not in a monitor mode?  I've never understood how you  
can sniff traffic other than the traffic from your machine to a  
destination.

Thanks ahead of time,
Tom

No virus found in this incoming message.
Checked by AVG - http://www.avg.com 
Version: 8.0.176 / Virus Database: 270.10.1/1867 - Release Date: 12/29/2008
10:48 AM