Home page logo

basics logo Security Basics mailing list archives

Re: switched n/w
From: easternerd <easternerd () gmx net>
Date: Fri, 10 Dec 2004 15:45:31 +0530

Hi All,

I am just wondering how come no one ever mentioned Port - Spanning :)
This is a well known technique used to direct the traffic of a series of ports in a switch to one particular port. So administrators can sniff on it. Well i know this has nothing to do with your situation as you yourself seem
to be the administrator of the network

Just thought i would chip in with this as its a very well know technique in a switching environment. You can take a look at this page for info on network taps http://www.securityfocus.com/infocus/1594

Email Correspondence:
easternerd () securityrisk org
easternerd () gmx net

q q wrote:


has two utilities that youo may find useful:

From the site:
"sTerm is a Telnet client with a unique feature. It can establish an
entire bi-directional Telnet session to a target host never sending
your real IP and MAC addresses in any packet. By using "ARP
Poisoning", "MAC Spoofing" and "IP Spoofing" techniques sTerm can
effectively bypass ACLs, Firewall rules and IP restrictions on servers
and network devices. the connection will be done impersonating a
Trusted Host."

"ArpWorks is an utility for sending customized 'ARP announce' packets
over the network. All ARP parameters, including the Ethernet Source
MAC address (the phisical address of your network card) can be changed
as you like. Other features are: IP to MAC resolver, subnet MAC
discovery, host isolation, packets redirection, general IP confict."

Computing tutorials and general geekiness at http://www.puremango.co.uk

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]