Security Basics mailing list archives
Re: Network sniffing on the wire - managed switches
From: "Jorge L. Vazquez" <jlvazquez825 () gmail com>
Date: Tue, 30 Dec 2008 14:14:40 -0500
the problem when doing and ARP poisoning between the Gateway and everyone else is that you could cause a Denial of Services on the network, specially when doing this with an average PC... I wouldn't advice to poison the gateway and every single host in the network just my two cents thanks -JV www.pctechtips.org gmail wrote:
I think you mean the router not the switch. You want to arp poison the
network to think you are the router. Need to watch doing everything here though. To accomplish this you need to send the packet on after it comes to you. So your port needs twice the bandwidth. You really need to look at the network layout and only hijack the ports you want. If you do everything, you have a good chance of slowdown network traffic and this could lead to someone investigating the traffic patterns.
Good tools for this is dsniff, a little complicated though. Easier tool
is Cain & Able, but windows only.
On Dec 30, 2008, at 8:54 AM, ArcSighter Elite wrote: Kurt Buff wrote:There's probably better ways of doing it now, but it used to be true that you could flood the switch with MAC addresses, overwhelming the arp table. This would have the effect of turning the switch into a hub. See this link, for one description: http://www.watchguard.com/infocenter/editorial/135324.asp On Fri, Dec 26, 2008 at 11:10 AM, Tom Yarrish <tom () yarrish com> wrote:Hey all, This may come off as somewhat of a newbie question, but it's oneI've beencurious about. When you are doing any sort of pen testing or sniffing on thewire, how doyou handle a managed switch scenario. If you're connected to aswitch onone port, how can you monitor the traffic on the the other portsif you'renot in a monitor mode? I've never understood how you can snifftrafficother than the traffic from your machine to a destination. Thanks ahead of time, TomI just said, first ARP poison the entire network to think you're the switch. Second, do a flooding attack into the switch itself. Don't resort in a single piece of software (although I use ettercap/nemesis too), until you truly understand the whys and hows of the technique. Sincerely.
Current thread:
- Re: Network sniffing on the wire - managed switches, (continued)
- Re: Network sniffing on the wire - managed switches Calvin Maready (Dec 29)
- Re: Network sniffing on the wire - managed switches Preston Connors (Dec 29)
- Re: Network sniffing on the wire - managed switches ArcSighter Elite (Dec 29)
- Re: Network sniffing on the wire - managed switches Jorge L. Vazquez (Dec 29)
- RE: Network sniffing on the wire - managed switches Burton Strauss III (Dec 29)
- RE: Network sniffing on the wire - managed switches Rui Pereira (WCG) (Dec 30)
- Re: Network sniffing on the wire - managed switches Tom Yarrish (Dec 30)
- Re: Network sniffing on the wire - managed switches Kurt Buff (Dec 29)
- Re: Network sniffing on the wire - managed switches ArcSighter Elite (Dec 30)
- Re: Network sniffing on the wire - managed switches gmail (Dec 30)
- Re: Network sniffing on the wire - managed switches Jorge L. Vazquez (Dec 30)
- DNS Paper Craig Wright (Dec 30)
- Re: Network sniffing on the wire - managed switches ArcSighter Elite (Dec 30)