Security Basics mailing list archives

RE: ethereal capture


From: "Tenorio, Leandro" <ltenorio () intelaction com>
Date: Wed, 17 Sep 2003 21:01:53 -0300

Did u check if the switch is not configured to monitor some other port?
And no, it is not usual; when u monitor a port u should only see the
traffic from and to the port u're monitoring.



-----Original Message-----
From: Cat Thrasher [mailto:isd607 () co santa-cruz ca us] 
Sent: Wednesday, September 17, 2003 8:18 PM
To: security-basics () securityfocus com
Subject: ethereal capture

Hi, Please advise on my question.
I thought when you are sniffing a switched segment, you are only seeing
broadcast traffic. I see source Workstation (not the one I am monitoring
on)--Dest Webserver inside on my network and protocol http. Please tell
me if this is usual.

I have ethereal on a laptop. I did a port monitor on a Cisco Switch and
captured traffic from one port. (so I thought) I thought I'd only see
what the workstation on port fast ethernet 0/38 was doing. But like I
said above, I see lots of http conversations and tcp conversations where
the dest port is not all F's, or 255's. And the source is not the
workstation on the port I am monitoring.

Thanks a lot.


Cat Thrasher
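
The check discussed in this thread can be run over the saved capture. The following is an added example, not part of either message: it reads a classic libpcap file and counts frames that involve the monitored workstation, broadcast or multicast frames, and unicast frames between other hosts (the kind the reply says a single-port monitor should not show). The MAC addresses and the sample capture are constructed placeholders.

```python
import struct
from collections import Counter

MONITORED = "00:11:22:33:44:55"  # assumption: MAC of the workstation on the mirrored port

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def frames(pcap):
    """Yield raw Ethernet frames from a classic (microsecond) libpcap file in memory."""
    # The magic number tells us the byte order the capture was written in.
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    off = 24  # global header is 24 bytes; each record header is 16
    while off + 16 <= len(pcap):
        _, _, incl, _ = struct.unpack(end + "IIII", pcap[off:off + 16])
        yield pcap[off + 16:off + 16 + incl]
        off += 16 + incl

def classify(frame, monitored):
    if len(frame) < 14:
        return "truncated"
    dst, src = frame[0:6], frame[6:12]
    if monitored.lower() in (mac(src), mac(dst)):
        return "monitored-host"
    if dst[0] & 1:  # group bit set: broadcast or multicast
        return "broadcast-or-multicast"
    return "foreign-unicast"  # neither end is the monitored workstation

def summarize(pcap, monitored=MONITORED):
    return Counter(classify(f, monitored) for f in frames(pcap))

def sample_pcap():
    """Constructed three-frame capture: monitored host, broadcast, foreign unicast."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    def rec(dst, src):
        f = bytes.fromhex(dst + src + "0800") + b"\x00" * 46
        return struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return (hdr + rec("aabbccddeeff", "001122334455")
                + rec("ffffffffffff", "020000000001")
                + rec("aabbccddeeff", "020000000002"))

if __name__ == "__main__":
    for kind, n in summarize(sample_pcap()).items():
        print(f"{kind}: {n}")
```

A large "foreign-unicast" count relative to "monitored-host" is the signal to go back and review which source ports the switch's monitor session actually includes.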



