Security Basics mailing list archives
RE: Network sniffing on the wire - managed switches
From: "Rui Pereira (WCG)" <wavefront1 () shaw ca>
Date: Mon, 29 Dec 2008 13:23:54 -0800
This works very well!! http://www.oxid.it/downloads/apr-intro.swf (ARP Poison Routing). And take a look at the various MITM tools at http://www2.packetstormsecurity.org/cgi-bin/search/search.cgi?searchvalue=mi tm&type=archives and elsewhere. And although there are ways of protecting against these kinds of attacks, such controls are seldom deployed. Thank You Rui Pereira,B.Sc.(Hons),CIPS ISP,CISSP,CISA,CWNA,CPTS/CPTE Principal Consultant WaveFront Consulting Group wavefront1 () shaw ca | www.wavefrontcg.com | 1 604 961 0701 -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Burton Strauss III Sent: December 29, 2008 9:22 AM To: security-basics () securityfocus com Subject: RE: Network sniffing on the wire - managed switches That's what mirror mode or span mode (different switch vendors call it different things) does for you. Or you need a physical tap (cost about $1K). -----Burton -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Tom Yarrish Sent: Friday, December 26, 2008 1:11 PM To: security-basics () securityfocus com Subject: Network sniffing on the wire - managed switches Hey all, This may come off as somewhat of a newbie question, but it's one I've been curious about. When you are doing any sort of pen testing or sniffing on the wire, how do you handle a managed switch scenario. If you're connected to a switch on one port, how can you monitor the traffic on the the other ports if you're not in a monitor mode? I've never understood how you can sniff traffic other than the traffic from your machine to a destination. Thanks ahead of time, Tom No virus found in this incoming message. Checked by AVG - http://www.avg.com Version: 8.0.176 / Virus Database: 270.10.1/1867 - Release Date: 12/29/2008 10:48 AM
Current thread:
- Network sniffing on the wire - managed switches Tom Yarrish (Dec 29)
- RE: Network sniffing on the wire - managed switches Mercurio, Michael D (Dante) (Dec 29)
- Re: Network sniffing on the wire - managed switches Calvin Maready (Dec 29)
- Re: Network sniffing on the wire - managed switches Preston Connors (Dec 29)
- Re: Network sniffing on the wire - managed switches ArcSighter Elite (Dec 29)
- Re: Network sniffing on the wire - managed switches Jorge L. Vazquez (Dec 29)
- RE: Network sniffing on the wire - managed switches Burton Strauss III (Dec 29)
- RE: Network sniffing on the wire - managed switches Rui Pereira (WCG) (Dec 30)
- Re: Network sniffing on the wire - managed switches Tom Yarrish (Dec 30)
- Re: Network sniffing on the wire - managed switches Kurt Buff (Dec 29)
- Re: Network sniffing on the wire - managed switches ArcSighter Elite (Dec 30)
- Re: Network sniffing on the wire - managed switches gmail (Dec 30)
- Re: Network sniffing on the wire - managed switches Jorge L. Vazquez (Dec 30)
- DNS Paper Craig Wright (Dec 30)
- Re: Network sniffing on the wire - managed switches ArcSighter Elite (Dec 30)