Re: Sniffer

Tue, 16 Jan 2001 11:54:58 -0800 

Bearing in mind also that if the switch is configured securely it will  
limit how many MAC's can come in on the same port (stopping a MAC flood), 
and if they are really paranoid, restrict what MAC is even allowed to use 
the port. I doubt most are so configured 'in the wild' but they could be, so 
don't count on such methods working every time.

If your switch does not have the ability to morror a port for monitoring, it 
probably lacks the needed options to protect it from MAC flooding anyway ;)

ES
***
----Original Message Follows----
From: "Stuart Brown" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: Sniffer
Date: Fri, 12 Jan 2001 20:28:41 -0000


Just a warning after reading Klones statement that you can't see other
traffic on a switch , apologies to those of you who know this already......

If a switch is bombarded with false MAC addresses then when it fills its MAC
address tables it is possible on some kit to force the switch to forward on
all ports , hence Jose Nazario's response.

Be wary of broadcast storms on your network this may not be desirable!!




Another useful link by the way is ----

http://lin.fsid.cvut.cz/~kra/index.html




8<----------ORIGINAL MESSAGE------------>8
On Fri, 12 Jan 2001, Palis Michael wrote:

>Where do you put a sniffer on a swithed LAN? I am trying to capture
>what is happening on a LAN but i can no see all activity if I put the
>sniffer on a port on a switch.

>Any suggestion?

set up a reflector port on the switch. if you can't do that on your
switch, get a better switch. barring that, abuse it using macof or other
ARP spoofing tools.

see dsniff (http://www.monkey.org/~dugsong/dsniff/) for some info on
sniffing on a switch.

____________________________
jose nazario                                                 [EMAIL PROTECTED]
                     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

Reply via email to