Full Disclosure mailing list archives
RE: Caching a sniffer
From: "Mike Fratto" <mfratto () nwc com>
Date: Thu, 11 Mar 2004 12:43:17 -0500
-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Kenton Smith
Sent: Thursday, March 11, 2004 11:50 AM
To: pbruna () masev cl
Cc: Full Disclosure; SECURITY-BASICS () securityfocus com
Subject: Re: [Full-disclosure] Caching a sniffer

I skimmed through some of the articles and they all have some good information. Are you running a switched network? If you are then the easiest way is to look at your traffic stats and find the port that *all* traffic is going to. If this doesn't make sense to you, then you should do some more research on sniffers.

You're assuming that the attacker 1) has control of the switch and 2) is sniffing either the uplink or has configured the switch to mirror all the switch ports or VLAN to the mirror port. Neither of which may be the case.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html