RE: Caching a sniffer

[Byron Copeland <nodialtone () comcast net>]

On Thu, 2004-03-25 at 14:19, Paul Blackstone wrote:
> Or unless the person uses something like D-Sniff or one of the other similar
> tools. ;)
>
> Paul
>
> -----Original Message-----
> From: Andrew Shore [mailto:andrew.shore () holistecs com] 
> Sent: Thursday, March 25, 2004 4:15 AM
> To: Shawn Jackson; Patrick Toomey
> Cc: security-basics () securityfocus com; ksaenz () spinaweb com au;
> gillettdavid () fhda edu
> Subject: RE: Caching a sniffer
>
> A switch is not a hub/router. In fact it is a micro segmented bridge.
>
> A switch operates at layer 2 of the OSI model ie MAC address layer. 
>
> If a device is plugged into a switch port it will only see traffic sent
> to it (and broadcasts) it will not be able to see all the traffic on the
> network, ie between other PCs and the servers.

I'm sorry, I would have to completely disagree with that last statement.  A nice little 
utility called "ettercap" will sniff all connections whether it be router
or switch or hub.  It has a lot of other nice features as well, like packet injection, kill
connections, and will collect passwords, SSH1, HTTPS, etc.

Not hard to find, just google for ettercap.

http://ettercap.sourceforge.net/

-b

Attachment: signature.asc
Description: This is a digitally signed message part