Re: switched n/w

["Ivan Coric" <ivan.coric () workcoverqld com au>]

kaushal,

Yes you can sniff on a switched network.
you have a lot of reading to do!

http://www.sans.org/resources/idfaq/switched_network.php 

http://fux0r.phathookups.com/incoming/layer2sniffing.pdf 

http://www.google.com.au/search?hl=en&q=sniff+switched+network&btnG=Search&meta=

tools for sniffing, by no means an exhaustive list
http://ettercap.sourceforge.net/
http://www.monkey.org/~dugsong/dsniff/

Cheers
Ivan


Ivan Coric, CISSP, RHCE
IT Technical Security Officer
Information Technology
WorkCover Queensland
Ph: (07) 30066414 Fax: (07) 30066424
Email: ivan.coric () workcoverqld com au

> > > kaushal <kaushal () rocsys com> 8/12/2004 4:30:24 am >>>
Hi,
   Iam a bit new to network securities.We have a switched network and
to
my knowledge a hosts' data cannot be sniffed by other host by runnning
tcpdump.But Iam receiving complaints from few users that their data is
being changed/manipulated.Is this possible?
How can I avoid this at the host level?Does this mean the server has
been compromised?Any help or pointer in this aspect would be highly
appreciated.

thanks in advance.

kaushal.






***************************************************************************
Messages included in this e-mail and any of its attachments are those
of the author unless specifically stated to represent WorkCover Queensland. The contents of this message are to be used 
for the intended purpose only and are to be kept confidential at all times.
This message may contain privileged information directed only to the intended addressee/s. Accidental receipt of this 
information should be deleted promptly and the sender notified.
This e-mail has been scanned by Sophos for known viruses.
However, no warranty nor liability is implied in this respect.
**********************************************************************