Security Basics mailing list archives
Re: Network sniffing on the wire - managed switches
From: ArcSighter Elite <arcsighter () gmail com>
Date: Tue, 30 Dec 2008 09:54:00 -0500
Kurt Buff wrote:
> There are probably better ways of doing it now, but it used to be true that you could flood the switch with MAC addresses, overwhelming the arp table. This would have the effect of turning the switch into a hub. See this link, for one description: http://www.watchguard.com/infocenter/editorial/135324.asp
>
> On Fri, Dec 26, 2008 at 11:10 AM, Tom Yarrish <tom () yarrish com> wrote:
>> Hey all,
>> This may come off as somewhat of a newbie question, but it's one I've been curious about. When you are doing any sort of pen testing or sniffing on the wire, how do you handle a managed switch scenario? If you're connected to a switch on one port, how can you monitor the traffic on the other ports if you're not in a monitor mode? I've never understood how you can sniff traffic other than the traffic from your machine to a destination.
>> Thanks ahead of time,
>> Tom

I just said, first ARP poison the entire network to think you're the switch. Second, do a flooding attack into the switch itself. Don't resort to a single piece of software (although I use ettercap/nemesis too), until you truly understand the whys and hows of the technique.

Sincerely.
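A defender-side view of the two techniques named in this message, as an added example that is not part of the original post: it flags a burst of newly learned source MACs on one switch port and an IP address whose ARP-claimed MAC changes. The event tuple format, port names, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds (hypothetical; tune to the network being monitored).
FLOOD_NEW_MACS = 50    # this many never-before-seen source MACs on one port ...
FLOOD_WINDOW_S = 10.0  # ... learned within this many seconds

def detect(events, flood_new_macs=FLOOD_NEW_MACS, window=FLOOD_WINDOW_S):
    """events: iterable of (ts, port, src_mac, arp_ip); arp_ip is None for
    non-ARP frames. Returns a list of (kind, detail) alerts in time order."""
    seen = defaultdict(set)      # port -> source MACs already learned there
    recent = defaultdict(deque)  # port -> timestamps of newly learned MACs
    flooding = set()             # ports that already raised a flood alert
    ip_to_mac = {}               # last MAC seen claiming each IP via ARP
    alerts = []
    for ts, port, mac, arp_ip in sorted(events, key=lambda e: e[0]):
        if mac not in seen[port]:
            seen[port].add(mac)
            q = recent[port]
            q.append(ts)
            while ts - q[0] > window:   # drop learn events outside the window
                q.popleft()
            if len(q) >= flood_new_macs and port not in flooding:
                flooding.add(port)
                alerts.append(("mac_flood", port))
        if arp_ip is not None:
            prev = ip_to_mac.get(arp_ip)
            if prev is not None and prev != mac:
                alerts.append(("arp_rebind", (arp_ip, prev, mac)))
            ip_to_mac[arp_ip] = mac
    return alerts

def sample_events():
    """Constructed sample observations, not captured traffic."""
    ev = [
        (0.0, "Gi0/1", "00:11:22:33:44:01", "10.0.0.1"),   # gateway
        (1.0, "Gi0/2", "00:11:22:33:44:02", "10.0.0.20"),  # ordinary host
        (5.0, "Gi0/7", "00:11:22:33:44:07", "10.0.0.1"),   # other MAC claims gateway IP
    ]
    # 60 previously unseen source MACs on one access port within 6 seconds
    ev += [(20.0 + i * 0.1, "Gi0/7", "02:00:00:00:%02x:%02x" % (i >> 8, i & 0xFF), None)
           for i in range(60)]
    return ev

if __name__ == "__main__":
    for alert in detect(sample_events()):
        print(alert)
```

On managed switches the corresponding preventive controls are per-port MAC address limits (port security) and dynamic ARP inspection.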