Home page logo
/

basics logo Security Basics mailing list archives

RE: Caching a sniffer
From: "David Gillett" <gillettdavid () fhda edu>
Date: Tue, 23 Mar 2004 10:12:27 -0800

  I'm aware of SPAN, of course.  I use it routinely to *enable*
sniffing, not PREVENT it.  (I took "Caching" to be an obvious
misspelling of "Catching" -- was that my mistake?)

  What I don't see is how it can be described as "disable all it's 
port to allow promiscuous mode across the network", which sounds
like maybe it means a switch command to either prevent client
devices from going into promiscuous mode, or shut down the switch
ports of clients who do.  If such a command existed, it would be
a great way to prevent users from sniffing each other's traffic,
but I don't believe it does.

David Gillett

-----Original Message-----
From: Shawn Jackson [mailto:sjackson () horizonusa com]
Sent: Tuesday, March 23, 2004 9:49 AM
To: gillettdavid () fhda edu; ksaenz () spinaweb com au
Cc: security-basics () securityfocus com
Subject: RE: Caching a sniffer


Could you, for instance, give the Cisco command(s) which do 
what you're

trying to describe?

It's called Port Mirroring or SPAN.
http://www.cisco.com/warp/public/473/41.html.

Almost all (good) switches have that functionality, you just need to
find it.

CAT1900 Example
http://www.effetech.com/help/cisco-span.htm


Shawn Jackson
Systems Administrator
Horizon USA
1190 Trademark Dr #107
Reno NV 89521

www.horizonusa.com
Email: sjackson () horizonusa com
Phone: (775) 858-2338
       (800) 325-1199 x338


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]