Security Basics mailing list archives
Re: Sniffing in switched network
From: <hallx () mail com>
Date: 31 Jan 2003 19:19:45 -0000
In-Reply-To: <2A087C64E426484C8F36B69FF2B7176D0138FC85 () MBXSRV01 stf nus edu sg> I think you ask how sniff switch network cos the ARP Table stay in switch, then the packets will never become to your machine. or not? In hub network the broadcast go to all machines... If i undestand the problem (i think), you will need to change remote ARP tables on switch. So you will need the Arpoison. So you´ll finally can use dsniff ou ohter great sniff.
Received: (qmail 27711 invoked from network); 31 Jan 2003 18:30:06 -0000 Received: from outgoing3.securityfocus.com (205.206.231.27) by mail.securityfocus.com with SMTP; 31 Jan 2003 18:30:06 -0000 Received: from lists.securityfocus.com (lists.securityfocus.com
[205.206.231.19])
by outgoing3.securityfocus.com (Postfix) with QMQP id 817BDA31AD; Fri, 31 Jan 2003 10:49:23 -0700 (MST) Mailing-List: contact security-basics-help () securityfocus com; run by ezmlm Precedence: bulk List-Id: <security-basics.list-id.securityfocus.com> List-Post: <mailto:security-basics () securityfocus com> List-Help: <mailto:security-basics-help () securityfocus com> List-Unsubscribe: <mailto:security-basics-unsubscribe () securityfocus com> List-Subscribe: <mailto:security-basics-subscribe () securityfocus com> Delivered-To: mailing list security-basics () securityfocus com Delivered-To: moderator for security-basics () securityfocus com Received: (qmail 28726 invoked from network); 31 Jan 2003 01:23:48 -0000 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: RE: Sniffing in switched network X-MimeOLE: Produced By Microsoft Exchange V6.0.6334.0 Date: Fri, 31 Jan 2003 09:24:19 +0800 Message-ID:
<2A087C64E426484C8F36B69FF2B7176D0138FC85 () MBXSRV01 stf nus edu sg>
X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Sniffing in switched network Thread-Index: AcLIg/t9qW+c/vyqSd+TuvStEWEpywAQ15SQ From: "Lim Meng Koon" <ccelimmk () nus edu sg> To: <nork () gazeta pl>, <security-basics () securityfocus com> X-OriginalArrivalTime: 31 Jan 2003 01:24:19.0834 (UTC) FILETIME=
[7A7525A0:01C2C8C7]
have you checked out dsniff? -----Original Message----- From: nork () gazeta pl [mailto:nork () gazeta pl] Sent: Thursday, January 30, 2003 8:52 PM To: security-basics () securityfocus com Subject: Sniffing in switched network Hello, I've read through some documentation about sniffing the switched network. There are some arp-cache methods to discover a sniffing host (switched or "normal" network is not important here I think), if it is the switched network will I get the result I want, or first I have to become a sniffer also (i.e. arp-poison the switch cache) - to get the responses that will tell me who is the sniffer? Most documentation I read is somewhat old (2 years), is everything aleady well known and described in this subject or are there any running projects?=20 Thanks for help, Norbert
Current thread:
- Re: RE: Sniffing in switched network BYRON COPELAND (Jan 31)
- <Possible follow-ups>
- Re: Sniffing in switched network hallx (Jan 31)
- RE: Sniffing in switched network Lim Meng Koon (Feb 05)