Security Basics mailing list archives

RE: Caching a sniffer

From: "David Gillett" <gillettdavid () fhda edu>
Date: Tue, 23 Mar 2004 10:12:27 -0800

  I'm aware of SPAN, of course.  I use it routinely to *enable*
sniffing, not PREVENT it.  (I took "Caching" to be an obvious
misspelling of "Catching" -- was that my mistake?)

  What I don't see is how it can be described as "disable all it's 
port to allow promiscuous mode across the network", which sounds
like maybe it means a switch command to either prevent client
devices from going into promiscuous mode, or shut down the switch
ports of clients who do.  If such a command existed, it would be
a great way to prevent users from sniffing each other's traffic,
but I don't believe it does.

David Gillett

-----Original Message-----
From: Shawn Jackson [mailto:sjackson () horizonusa com]
Sent: Tuesday, March 23, 2004 9:49 AM
To: gillettdavid () fhda edu; ksaenz () spinaweb com au
Cc: security-basics () securityfocus com
Subject: RE: Caching a sniffer

Could you, for instance, give the Cisco command(s) which do

what you're

trying to describe?


It's called Port Mirroring or SPAN.
http://www.cisco.com/warp/public/473/41.html.

Almost all (good) switches have that functionality, you just need to
find it.

CAT1900 Example
http://www.effetech.com/help/cisco-span.htm


Shawn Jackson
Systems Administrator
Horizon USA
1190 Trademark Dr #107
Reno NV 89521

www.horizonusa.com
Email: sjackson () horizonusa com
Phone: (775) 858-2338
       (800) 325-1199 x338


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

Current thread:

[Full-Disclosure] Caching a sniffer; Re:, (continued)
- [Full-Disclosure] Caching a sniffer; Re: Tim (Mar 11)
- [Full-Disclosure] Caching a sniffer; Re: Eric LeBlanc (Mar 11)
- [Full-Disclosure] Caching a sniffer; Re: Kenton Smith (Mar 11)
- Re: Caching a sniffer Bob Radvanovsky (Mar 11)
- Re: Caching a sniffer Fernando Gont (Mar 17)
  - Re: Caching a sniffer ksaenz (Mar 22)
    - RE: Caching a sniffer David Gillett (Mar 23)
    - Re: Caching a sniffer Fernando Gont (Mar 24)
- RE: Caching a sniffer Chris Merkel (Mar 11)
- RE: Caching a sniffer Shawn Jackson (Mar 23)
  - RE: Caching a sniffer David Gillett (Mar 24)
  - Re: Caching a sniffer Patrick Toomey (Mar 24)
- RE: Caching a sniffer Shawn Jackson (Mar 24)
  - RE: Caching a sniffer Burton M. Strauss III (Mar 25)
  - RE: Caching a sniffer Fernando Gont (Mar 25)
- RE: Caching a sniffer Shawn Jackson (Mar 24)
  - RE: Caching a sniffer David Gillett (Mar 24)
    - RE: Caching a sniffer Fernando Gont (Mar 25)
    - RE: Caching a sniffer David Gillett (Mar 25)
  - RE: Caching a sniffer Fernando Gont (Mar 25)
- RE: Caching a sniffer Shawn Jackson (Mar 25)

(Thread continues...)