Security Basics mailing list archives

Re: Network sniffing on the wire - managed switches


From: gmail <dougary () gmail com>
Date: Tue, 30 Dec 2008 12:34:41 -0600

I think you mean the router not the switch. You want to ARP poison the network to think you are the router. Need to watch doing everything here though. To accomplish this you need to send the packet on after it comes to you. So your port needs twice the bandwidth. You really need to look at the network layout and only hijack the ports you want. If you do everything, you have a good chance of slowing down network traffic and this could lead to someone investigating the traffic patterns.

A good tool for this is dsniff, a little complicated though. An easier tool is Cain & Abel, but Windows only.


On Dec 30, 2008, at 8:54 AM, ArcSighter Elite wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Kurt Buff wrote:
There's probably better ways of doing it now, but it used to be true
that you could flood the switch with MAC addresses, overwhelming the
arp table. This would have the effect of turning the switch into a
hub.

See this link, for one description:

http://www.watchguard.com/infocenter/editorial/135324.asp

On Fri, Dec 26, 2008 at 11:10 AM, Tom Yarrish <tom () yarrish com> wrote:
Hey all,
This may come off as somewhat of a newbie question, but it's one I've been
curious about.

When you are doing any sort of pen testing or sniffing on the wire, how do you handle a managed switch scenario? If you're connected to a switch on one port, how can you monitor the traffic on the other ports if you're not in a monitor mode? I've never understood how you can sniff traffic other than the traffic from your machine to a destination.

Thanks ahead of time,
Tom



I just said, first ARP poison the entire network to think you're the
switch. Second, do a flooding attack into the switch itself. Don't
resort to a single piece of software (although I use ettercap/nemesis
too), until you truly understand the whys and hows of the technique.

Sincerely.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFJWjYIH+KgkfcIQ8cRAojpAJ9Bb4hNCjkJB9OnsWlIqglYlsOjaQCfYnHB
9EbOZUCYJAWzzk4+BsvGS0w=
=+kFr
-----END PGP SIGNATURE-----
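
Added example (not part of the original messages or written by any of the posters): a defender-side Python sketch of how the two techniques discussed in this thread, ARP poisoning and MAC flooding, show up in network data. The observation tuples, port names, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data (not from the thread): ARP replies seen by a monitor
# host as (seconds, sender_ip, sender_mac), and switch MAC-learning events as
# (seconds, port, source_mac). Port names and thresholds are assumptions.
ARP_REPLIES = [
    (0, "192.0.2.1", "00:00:5e:00:53:01"),   # gateway, original binding
    (1, "192.0.2.20", "00:00:5e:00:53:20"),
    (5, "192.0.2.1", "00:00:5e:00:53:66"),   # gateway IP now claimed by a new MAC
    (6, "192.0.2.20", "00:00:5e:00:53:66"),  # the same MAC also claims a host IP
    (7, "192.0.2.1", "00:00:5e:00:53:66"),
]
LEARN_EVENTS = [(t // 100, "Gi0/7", f"02:00:00:00:{t >> 8:02x}:{t & 255:02x}")
                for t in range(600)] + [(3, "Gi0/2", "00:00:5e:00:53:20")]

def arp_binding_conflicts(replies):
    """Return (ip, old_mac, new_mac, time) each time an IP moves to another MAC."""
    seen, alerts = {}, []
    for ts, ip, mac in replies:
        old = seen.get(ip)
        if old is not None and old != mac:
            alerts.append((ip, old, mac, ts))
        seen[ip] = mac
    return alerts

def macs_claiming_many_ips(replies, limit=1):
    """Return MACs that answer for more than `limit` IPs (one host relaying many)."""
    ips = defaultdict(set)
    for _, ip, mac in replies:
        ips[mac].add(ip)
    return {mac: sorted(v) for mac, v in ips.items() if len(v) > limit}

def flooding_ports(events, window=10, threshold=50):
    """Return ports that learned more than `threshold` distinct MACs in `window` s."""
    per_port = defaultdict(list)
    for ts, port, mac in events:
        per_port[port].append((ts, mac))
    flagged = {}
    for port, items in per_port.items():
        items.sort()
        for start, _ in items:
            macs = {m for t, m in items if start <= t < start + window}
            if len(macs) > threshold:
                flagged[port] = len(macs)
                break
    return flagged

if __name__ == "__main__":
    print(arp_binding_conflicts(ARP_REPLIES))
    print(macs_claiming_many_ips(ARP_REPLIES))
    print(flooding_ports(LEARN_EVENTS))
```

On managed switches the same signals correspond to controls such as port security (a per-port MAC address limit) and Dynamic ARP Inspection.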

