Because this is a firewalls list, this thread can serve as a good segue into a question about switch security that has been on my mind for some time:

Most switches support remote management features like web interfaces, SNMP, telnet, etc. If these switches are hacked, someone can not only cause a denial of service, but use the port mirroring feature to sniff traffic. So, I am curious to know the thoughts of others in addressing this issue. (I know that some of the more expensive switches and routers can utilize encrypted passwords, but I believe community strings are still clear text, correct?)

At 1/4/2002 12:10 PM, [EMAIL PROTECTED] wrote:
With the 3com 3300, in order to monitor the network traffic that is traversing the 3com 3300 switch, one must configure what is called a monitor port or analysis port (under the Roving Analysis Setup) using the 3com Switch Management Software.  One has to define an Analysis port (the port that is connected to the Sniffer) and a monitor port (the port that is being monitored).  Once the two are defined, and it is enabled via the Switch Management software, the stack passes all the traffic going in and out of the monitor port and copies it to the analysis port.

If you are attempting to monitor traffic across multiple VLANs, an analysis port must be setup in each VLAN used by the 3com 3300.

Note:  The analysis port should be configured to have a higher bandwidth than the monitor port, otherwise, not all traffic that is being analyzed will be captured entirely.

/hope this helps

/cheers,

*useless memorization of switch/router configuration options.. * (these types of questions never appear on a CISSP exam. :-)

/m

At 11:53 AM 1/4/2002 -0800, William Stackpole wrote:
Daniel,

Most switches will allow one or more ports to be combined or cross connected
for this very purpose.  If this isn't possible then the best you can do is
put the sniffer on the backbone segment attached to the switch.  You
wouldn't be able to see the traffic between individual switch nodes but you
will see conversations out to servers, Internet connections etc.  The other
alternative, if this is a temporary situation for troubleshooting purposes,
you could replace the switch with a hub.

-- Bill Stackpole, CISSP


----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, January 04, 2002 11:14 AM
Subject: (no subject)


> Hi,
>
> how do I use a sniffer in a switch in a way that permits to capture all
> traffic ? (3com 3300)
>
> Thanks in advance,
> Daniel
>
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls


*********************************************************************
Kenneth H. Milder
Los Alamos National Laboratory
Computing, Communications & Networking Division (CCN)
Network Engineering Group(CCN-5)
Network Support Team (NST)/X Division Computing Services Team (XCS)
MS-F645
Los Alamos, New Mexico 87545-0010

Office:  (505)667-2552
Fax:       (505)665-3389
E-mail:    [EMAIL PROTECTED]
*********************************************************************
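The top post notes that SNMP community strings still cross the wire in the clear. As an added example (not code from anyone in this thread), the Python below decodes the version and community string from SNMPv1/v2c messages so a defender can audit captures from their own management VLAN for cleartext or default community strings; the packet bytes and IP addresses are constructed for the example, not taken from any real device.

```python
# Added example, not the thread's own code: audit captured UDP/161 payloads.
DEFAULT_COMMUNITIES = {b"public", b"private"}

def _read_tlv(buf, pos):
    """Decode one BER TLV at pos; return (tag, value_bytes, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length: next n bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def parse_snmp_community(payload):
    """Return (version_name, community_bytes) for SNMPv1/v2c, else None."""
    try:
        tag, body, _ = _read_tlv(payload, 0)
        if tag != 0x30:                     # message is an outer SEQUENCE
            return None
        vtag, vbytes, pos = _read_tlv(body, 0)
        version = {0: "v1", 1: "v2c"}.get(int.from_bytes(vbytes, "big"))
        if vtag != 0x02 or version is None: # INTEGER 0/1; v3 has no community
            return None
        ctag, community, _ = _read_tlv(body, pos)
        return (version, community) if ctag == 0x04 else None  # OCTET STRING
    except IndexError:                      # truncated or non-SNMP payload
        return None

def audit_payloads(payloads):
    """List (src, version, community, is_default) for each cleartext community."""
    findings = []
    for src, payload in payloads:
        parsed = parse_snmp_community(payload)
        if parsed:
            version, community = parsed
            findings.append((src, version, community.decode("ascii", "replace"),
                             community in DEFAULT_COMMUNITIES))
    return findings

# Constructed sample payloads (not real captures): a v2c GetRequest with
# community "public", a v1 GetRequest with "s3cret-rw", and a v3-style message.
SAMPLE_PAYLOADS = [
    ("10.0.0.5", b"\x30\x18\x02\x01\x01\x04\x06public\xa0\x0b\x02\x01\x01\x02\x01\x00\x02\x01\x00\x30\x00"),
    ("10.0.0.9", b"\x30\x1b\x02\x01\x00\x04\x09s3cret-rw\xa0\x0b\x02\x01\x02\x02\x01\x00\x02\x01\x00\x30\x00"),
    ("10.0.0.7", b"\x30\x05\x02\x01\x03\x30\x00"),
]

if __name__ == "__main__":
    for src, ver, comm, default in audit_payloads(SAMPLE_PAYLOADS):
        print(f"{src}: SNMP{ver} community {comm!r}{' (default!)' if default else ''}")
```

Any hit from a management VLAN capture means the same string could be read by anyone else able to see that traffic, which is the case the top post warns about.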
