A great program for sniffing a switched LAN is Ettercap (http://ettercap.sourceforge.net). Used in conjunction with Arpwatch (http://www.securityfocus.com/tools/142) you get a good idea on how this works and how you can detect someone using a tool like Ettercap.
-Matt On Tuesday 12 March 2002 07:58, leon wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I found this very good article I wanted to share with the group since > I see the question come up a lot. > > I found it informative I hope you do also. > > > For those who think switched Ethernet environments are sniff-proof, > the author offers this warning. Switches may be difficult to sniff, > but they are certainly not immune. As is clear from the above > sections, one method of sniffing in a switched environment is using > ARP spoofing, and the machine that will most probably be ARP spoofed > is the gateway. > > http://www.linuxsecurity.com/articles/network_security_article-4551.ht > ml > > > Regards, > > Leon > > -----BEGIN PGP SIGNATURE----- > Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> > > iQA/AwUBPI4lmdqAgf0xoaEuEQL2pQCffY5f4dArBsXzzBwqPVpQ3D5Fs8oAoL3m > XOh7wYu4O8KoTCmsuhhgosbz > =Ys0V > -----END PGP SIGNATURE----- -- -------- -------- -------- Matt Hemingway SupplyEdge [EMAIL PROTECTED] 800-733-3380x136 -------- -------- --------
