Security Incidents mailing list archives

Why can I see other traffic at switch environment just tcpdump?

From: "SB CH" <chulmin2 () hotmail com>
Date: Tue, 08 Oct 2002 06:08:32 +0000


Hello, all

I have operated linux server at switch environment,

and just with tcpdump, I can see some other traffic whic is not relatedwith me without any other tool or trick.

it means that I can sniff traffic without special sniffing tool at theswitch , right? is it possible?

but it's ture.

for example,

# tcpdump port 80

15:03:42.681171 eth0 P 211.47.130.114.1131 > 211.47.1.55.www: Smy system has no relations with 211.47.130.114 or 211.47.1.55.

just switch connected together with 211.47.1.55.


Thanks in advance.


_________________________________________________________________

클릭하면 나만의 광고가 뜹니다. 검색 키워드 광고 문의http://www.msn.co.kr/search/keywordshop



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.

For more information on this free incident handling, managementand tracking system please see: http://aris.securityfocus.com

Why can I see other traffic at switch environment just tcpdump? SB CH (Oct 08)
- Re: Why can I see other traffic at switch environment just tcpdump? Kelly Martin (Oct 08)
  - RE: Why can I see other traffic at switch environment just tcpdump? Rob Shein (Oct 09)
- Re: Why can I see other traffic at switch environment just tcpdump? Darryl Luff (Oct 09)