Security Basics mailing list archives

RE: sniffing packets on a switch


From: "Trevor Cushen" <Trevor.Cushen () sysnet ie>
Date: Mon, 10 Mar 2003 17:55:11 -0000

Just to confirm what James has said, Ettercap WILL degrade performance.
I have recommended it at times but be aware of its impact like any tool
that you want to introduce to any network, especially a corporate
network.
It is a good tool for some jobs but has its price.

Trevor Cushen
Sysnet Ltd

www.sysnet.ie
Tel: +353 1 2983000
Fax: +353 1 2960499



-----Original Message-----
From: Fields, James [mailto:James.Fields () bcbsfl com] 
Sent: 10 March 2003 12:45
To: 'Scott Borre'; security-basics () securityfocus com
Subject: RE: sniffing packets on a switch


Several posters have replied recommending you use Ettercap.  I strongly
urge you NOT to do this if you are on a corporate network.  Ettercap
attempts to defeat the normal behavior of the switched environment using
something called "arp poisoning" to trick hosts on the switch into
sending you their packets.

Use of Ettercap may cause degraded performance of the sniffed hosts or
the subnet in general, especially if it is a busy subnet.  At my company
this would be grounds for immediate termination and possibly legal action.

-----Original Message-----
From: Scott Borre [mailto:sfborre () yahoo com] 
Sent: Friday, March 07, 2003 6:55 PM
To: security-basics () securityfocus com
Subject: sniffing packets on a switch

I am interested in what people recommend using to
sniff packets on a switch. I have heard that TCPdump
has some problems doing this. Thank you ahead of
time for any assistance.

Scott Borre
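
Added example, not part of any poster's message: a passive check an administrator could run over captured ARP payloads to spot the "arp poisoning" James describes, by flagging IP-to-MAC bindings that change and a single MAC that claims several IPs. The function names, addresses and sample payloads are constructed for illustration.

```python
import struct
from collections import defaultdict

# ARP payload for IPv4 over Ethernet: htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ARP_FMT = "!HHBBH6s4s6s4s"

def parse_arp(payload):
    """Return (sender_mac, sender_ip) from a 28-byte ARP payload, or None."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, _oper, sha, spa, _tha, _tpa = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None  # not Ethernet/IPv4 ARP
    return ":".join(f"{b:02x}" for b in sha), ".".join(str(b) for b in spa)

def detect_poisoning(payloads):
    """Flag IPs whose MAC binding changes and MACs that claim more than one IP."""
    ip_to_mac, mac_to_ips, alerts = {}, defaultdict(set), []
    for payload in payloads:
        parsed = parse_arp(payload)
        if parsed is None:
            continue
        mac, ip = parsed
        known = ip_to_mac.get(ip)
        if known is not None and known != mac:
            alerts.append(("binding_changed", ip, known, mac))
        ip_to_mac[ip] = mac
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1:  # this MAC has claimed an additional IP
                alerts.append(("mac_claims_multiple_ips", mac, tuple(sorted(mac_to_ips[mac]))))
    return alerts

def make_arp_reply(mac, ip):
    """Build a constructed ARP reply payload (sample data only; nothing is sent)."""
    sha = bytes.fromhex(mac.replace(":", ""))
    spa = bytes(int(octet) for octet in ip.split("."))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, 2, sha, spa, bytes(6), bytes(4))

# Constructed sample: documentation addresses (192.0.2.0/24) and made-up MACs.
SAMPLE = [
    make_arp_reply("00:11:22:33:44:01", "192.0.2.1"),   # gateway
    make_arp_reply("00:11:22:33:44:10", "192.0.2.10"),  # workstation
    make_arp_reply("00:11:22:33:44:99", "192.0.2.1"),   # new MAC claims the gateway IP
    make_arp_reply("00:11:22:33:44:99", "192.0.2.10"),  # same MAC claims the workstation
]

if __name__ == "__main__":
    for alert in detect_poisoning(SAMPLE):
        print(alert)
```

Legitimate events such as DHCP reassignment or a failover pair also change bindings, so these alerts are leads to investigate rather than proof.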








