On Tue, 11 Mar 2003, Scott Harney wrote: > Not really. You don't see much more than arp requests. It's quite > reminiscent of trying to sniff on a switch port (that's not set up for > monitoring of course, just a standard switch port)
And you see tons of netbios broadcasts. At least i did on Cox cable modem in Hammond. I always wondered though, is this bridging done at the cable modem itself, or further upstream at the headend? Seems to me based on the physical layout of the coax network, it'd be hard (impossible?) to bridge upstream. I never did figure out how to change the modem firmware and/or connect a device outside the modem to see what traffic was really coming down the line into my house. > It only gets interesting when you poison the arp cache (ala dsniff > http://naughty.monkey.org/~dugsong/dsniff/). Yes I have done this but > at the time it was a network I managed and I wasn't about to bust > myself ;). Actually I wanted to see how well it worked -- quite well > actually. I would strongly advise against doing this on your > cable/dsl connection as it may indeed attract attention. However if > you manage a switched lan, you may find some educational benefit in > testing it out. Agreed, dsniff rules. Here are the utils it comes with: arpspoof dnsspoof dsniff filesnarf macof mailsnarf msgsnarf sshmitm tcpkill tcpnice tcphijack urlsnarf webmitm webspy. Pretty cool stuff... you can cause|learn all sorts of havoc|info. tcpkill is my favorite...hehe -ray
