What you could actually do is create a mirrored port on your switch and sniff all the traffic that way
-----Original Message----- From: GomoR [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 13, 2001 4:50 AM To: Marc Mc Guinness Cc: [EMAIL PROTECTED] Subject: Re: Packet Sniffing in a Switched LAN On Sat, 10 Nov 2001 00:32:18 +0100 Marc Mc Guinness <[EMAIL PROTECTED]> wrote: > > > Hello! > > Am Donnerstag, 8. November 2001 23:24 schrieb Matt Hemingway: > > If it's a switched network, which the subject of this e-mail > > states, than Ethereal won't work. The best tool for a switched > > network is ettercap (ettercap.sourceforge.net). > > > > Personally I use Arpwatch (no url available) to find all hosts on > > the network and than use Ettercap to sniff the victim. > > > > If this is a hubbed network than Ethereal works like a charm. > > I don't understand that. Can anybody explain it to me? Why is > ethereal not good for a switched LAN, but for a hubbed one it is? > I'm starting to work with ethereal at the moment (in a switched > network). > It is because a switch is an "intelligent" hub. It is intelligent, because it sends only packets to the real destination host, not to all hosts connected to the wire. For example, if a machine A sends a packet to machine B, and there is a third machine (C, for example), and they are all connected to a hub, machine B and C will receive the packet. But if the hub was a switch, only machine B was receiving this packet. In conclusion, if you sniff in a switched environment, you will only sniff packets destined to your host. I hope I'am quite understood :) ========================================================== FreeBSD Network - http://www.gomor.org/ Security Engineer Junior ========================================================== =-----=> root is the only God I believe in <=-----=
