Security Basics mailing list archives

Re: Caching a sniffer

From: Aaron <nite () sonic net>
Date: Sun, 28 Mar 2004 16:31:41 -0800

Dsniff won't work on a hub, BUT.. After using ettercap, or any otherform of MAC poisioning aka ARP spoofing... any form of 'sniffing' will work.

Enjoy...!


Byron Copeland wrote:

On Thu, 2004-03-25 at 14:19, Paul Blackstone wrote:

Or unless the person uses something like D-Sniff or one of the other similar
tools. ;)

Paul

-----Original Message-----

From: Andrew Shore [mailto:andrew.shore () holistecs com]Sent: Thursday, March 25, 2004 4:15 AM

To: Shawn Jackson; Patrick Toomey
Cc: security-basics () securityfocus com; ksaenz () spinaweb com au;
gillettdavid () fhda edu
Subject: RE: Caching a sniffer

A switch is not a hub/router. In fact it is a micro segmented bridge.

A switch operates at layer 2 of the OSI model ie MAC address layer.

If a device is plugged into a switch port it will only see traffic sent
to it (and broadcasts) it will not be able to see all the traffic on the
network, ie between other PCs and the servers.

I'm sorry, I would have to completely disagree with that last statement. A nice littleutility called "ettercap" will sniff all connections whether it be router

or switch or hub.  It has a lot of other nice features as well, like packet injection, kill
connections, and will collect passwords, SSH1, HTTPS, etc.

Not hard to find, just google for ettercap.

http://ettercap.sourceforge.net/

-b



---------------------------------------------------------------------------

Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 offany course! All of our class sizes are guaranteed to be 10 students or lessto facilitate one-on-one interaction with one of our expert instructors.Attend a course taught by an expert instructor with years of in-the-fieldpen testing experience in our state of the art hacking lab. Master the skillsof an Ethical Hacker to better assess the security of your organization.Visit us at:http://www.infosecinstitute.com/courses/ethical_hacking_training.html

----------------------------------------------------------------------------

Current thread:

RE: Caching a sniffer, (continued)
- - - RE: Caching a sniffer David Gillett (Mar 25)
  - RE: Caching a sniffer Fernando Gont (Mar 25)
- RE: Caching a sniffer Shawn Jackson (Mar 25)
  - RE: Caching a sniffer David Gillett (Mar 25)
- RE: Caching a sniffer Shawn Jackson (Mar 25)
  - RE: Caching a sniffer David Gillett (Mar 25)
- RE: Caching a sniffer Shawn Jackson (Mar 25)
- RE: Caching a sniffer Andrew Shore (Mar 25)
  - RE: Caching a sniffer Paul Blackstone (Mar 25)
    - RE: Caching a sniffer Byron Copeland (Mar 26)
    - Re: Caching a sniffer Aaron (Mar 29)
  - RE: Caching a sniffer David Gillett (Mar 25)
- RE: Caching a sniffer Andrew Shore (Mar 25)
- RE: Caching a sniffer Shawn Jackson (Mar 25)
- RE: Caching a sniffer Shawn Jackson (Mar 25)
  - RE: Caching a sniffer David Gillett (Mar 26)
- RE: Caching a sniffer Shawn Jackson (Mar 25)
  - RE: Caching a sniffer David Gillett (Mar 25)
- RE: Caching a sniffer Shawn Jackson (Mar 25)
- RE: Caching a sniffer Andrew Shore (Mar 25)
- RE: Caching a sniffer Shawn Jackson (Mar 25)

(Thread continues...)