Security Basics mailing list archives

Re: Sniffing in switched network


From: <hallx () mail com>
Date: 31 Jan 2003 19:19:45 -0000

In-Reply-To: <2A087C64E426484C8F36B69FF2B7176D0138FC85 () MBXSRV01 stf nus edu sg>

I think you are asking how to sniff a switched network, because the ARP table
stays in the switch, so the packets will never come to your machine. Or not?
In a hub network the broadcast goes to all machines...
If I understand the problem (I think), you will need to change the remote ARP
tables on the switch. So you will need Arpoison.
Then you'll finally be able to use dsniff or another great sniffer.



Subject: RE: Sniffing in switched network
Date: Fri, 31 Jan 2003 09:24:19 +0800
From: "Lim Meng Koon" <ccelimmk () nus edu sg>
To: <nork () gazeta pl>, <security-basics () securityfocus com>

Have you checked out dsniff?

-----Original Message-----
From: nork () gazeta pl [mailto:nork () gazeta pl]
Sent: Thursday, January 30, 2003 8:52 PM
To: security-basics () securityfocus com
Subject: Sniffing in switched network




Hello,

I've read through some documentation about sniffing the
switched network. There are some arp-cache methods to
discover a sniffing host (switched or "normal" network
is not important here I think), if it is the switched
network will I get the result I want, or first I have
to become a sniffer also (i.e. arp-poison the switch
cache) - to get the responses that will tell me who is
the sniffer?

Most documentation I read is somewhat old (2 years), is
everything already well known and described in this
subject or are there any running projects?

Thanks for help,

Norbert
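
An added example, not part of any message in this thread: ARP poisoning works by getting hosts to accept a new IP-to-MAC binding, so a passive monitor can flag it from ARP traffic alone. The sketch below parses raw Ethernet/IPv4 ARP payloads and reports rebinding and one MAC claiming several IPs; the function names, addresses and sample packets are all constructed for this example.

```python
import struct
from collections import defaultdict

def parse_arp(payload):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP payload, else None."""
    if len(payload) < 28:
        return None  # truncated capture
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None  # not Ethernet/IPv4 ARP
    return op, payload[8:14].hex(":"), ".".join(map(str, payload[14:18]))

def find_arp_anomalies(payloads):
    """Flag IP->MAC rebinding and a single MAC claiming more than one IP."""
    ip_to_mac, mac_to_ips, alerts = {}, defaultdict(set), []
    for payload in payloads:
        parsed = parse_arp(payload)
        if parsed is None:
            continue
        _, mac, ip = parsed
        if ip == "0.0.0.0":
            continue  # ARP probe: sender claims no address yet
        old = ip_to_mac.get(ip)
        if old is not None and old != mac:
            alerts.append(("rebind", ip, old, mac))
        ip_to_mac[ip] = mac
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1:
                alerts.append(("multi-ip", mac, tuple(sorted(mac_to_ips[mac]))))
    return alerts

def build_arp(op, sha, spa, tha, tpa):
    """Build a constructed ARP payload for the sample data below."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + mac(sha) + ip(spa) + mac(tha) + ip(tpa)

GW, HOST, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:0a", "02:00:00:00:00:66"
SAMPLE = [  # constructed traffic, documentation addresses (192.0.2.0/24)
    build_arp(2, GW, "192.0.2.1", HOST, "192.0.2.10"),      # gateway answers host
    build_arp(1, HOST, "192.0.2.10", "00:00:00:00:00:00", "192.0.2.66"),
    build_arp(2, OTHER, "192.0.2.66", HOST, "192.0.2.10"),
    b"\x00\x01\x08\x00",                                     # truncated, ignored
    build_arp(2, OTHER, "192.0.2.1", HOST, "192.0.2.10"),   # gateway IP now on another MAC
]

if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE):
        print(alert)
```

DHCP reassignment, failover pairs and proxy ARP also change or share bindings, so treat these alerts as leads to check against known address assignments.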


