Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: sniffing packets on a switch

From: "Fields, James" <James.Fields () bcbsfl com>
Date: Mon, 10 Mar 2003 07:44:41 -0500
Several posters have replied recommending you use Ettercap.  I strongly urge
you NOT to do this if you are on a corporate network.  Ettercap attempts to
defeat the normal behavior of the switched environment using something
called "arp poisoning" to trick hosts on the switch into sending you their
packets.

Use of Ettercap may cause degraded performance of the sniffed hosts or the
subnet in general, especially if it is a busy subnet.  At my company this
would grounds for immediate termination and possibly legal action.

-----Original Message-----
From: Scott Borre [mailto:sfborre () yahoo com] 
Sent: Friday, March 07, 2003 6:55 PM
To: security-basics () securityfocus com
Subject: sniffing packets on a switch

I am interested in what people recommend using to
sniff packets on a switch. I have heard that TCPdump
has some problems doing this. Thank you ahead of the
time for any assistance.

Scott Borre

__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yahoo.com/



Blue Cross Blue Shield of Florida, Inc., and its subsidiary and 
affiliate companies are not responsible for errors or omissions in this e-mail message. Any personal comments made in 
this e-mail do not reflect the views of Blue Cross Blue Shield of Florida, Inc.
Previous By Date Next
Previous By Thread Next

Current thread: