Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: sniffing packets on a switch

From: "David Gillett" <gillettdavid () fhda edu>
Date: Mon, 10 Mar 2003 09:01:44 -0800
  Do you know what kind of problems?

  The most obvious problem with doing this is that, by
default, your sniffer machine's port on the switch will
only be sent traffic that is either broadcast, or addressed
specifically to the sniffer host.
  Most switches offer a way that the switch administrator 
can direct that traffic for one or more other ports be 
copied to the sniffer's port.  That's not a sniffer 
program issue.

  There *are* ways to try that may make this happen if
you don't have administrative access to the switch, and
there might even be some tools around that automate
such measures.  But on most well-run networks, people
without admin access to things like switches are also not
authorized to be running sniffers, so let's not go there
in a public forum....

David Gillett



-----Original Message-----
From: Scott Borre [mailto:sfborre () yahoo com]
Sent: March 7, 2003 15:55
To: security-basics () securityfocus com
Subject: sniffing packets on a switch


I am interested in what people recommend using to
sniff packets on a switch. I have heard that TCPdump
has some problems doing this. Thank you ahead of the
time for any assistance.
Previous By Date Next
Previous By Thread Next

Current thread: