Penetration Testing mailing list archives
Re: Sniffing on a switch
From: DMORROW5 () satx rr com
Date: Thu, 03 Nov 2005 10:08:01 -0600
Hey Cory,
Even though you're using these tools with honest intentions,
couldn't ARP spoofing, (MITM), be considered, for lack of a better
word...hacking?
Dana
----- Original Message -----
From: NewYork User <newyorkuser () gmail com>
Date: Wednesday, November 2, 2005 9:20 am
Subject: Re: Sniffing on a switch
There is a great tool called WinARP spoofer for windows. This tool has a nice GUI and is very easy to use. It basically sends ARP broadcast continuously and updates ARP table on all the PCs that are connected to the switch; makes your PC a gateway and forwards to traffic to the gateway (Typical man-in-the-middle). After you start spooofing, you can use any of your favorite sniffer to capture all the traffic on the switch. I use Ethereal. WinARP spoofer and Ethereal as a combination works great. Give it a shot. http://www.addict3d.org/index.php?page=downloadfile&ID=3565 Hope this helps. -------------------------------------------------------------------- ---------- Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------- -----------
------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Re: Sniffing on a switch Volker Tanger (Nov 01)
- Re: Sniffing on a switch Cedric Blancher (Nov 03)
- Re: Sniffing on a switch Volker Tanger (Nov 03)
- <Possible follow-ups>
- Re: Sniffing on a switch DMORROW5 (Nov 04)
- Re: Sniffing on a switch Cedric Blancher (Nov 03)