Home page logo
/

basics logo Security Basics mailing list archives

Re: Caching a sniffer
From: Patrick Toomey <ptoomey3 () mac com>
Date: Tue, 23 Mar 2004 20:59:46 -0500

I haven't been following the complete thread, but scratched my head after reading the recommendation on port mirroring. It was my understanding that port mirroring was introduced because of the inherent differences between a switched environment and a hub environment. Switches by default don't let any one port listen to all traffic (unlike a hub where all users have this ability), and thus there was a need on managed switches for administrators to selectively allow certain ports to act as though they were on a hub, to place an passive IDS, or to debug general network traffic. If someone is running a sniffer on your switched network and has the ability to login to your switch, enable port mirroring, and sniff data, you have much bigger problems than just having a rogue sniffer on the network.

On Mar 23, 2004, at 12:49 PM, Shawn Jackson wrote:

Could you, for instance, give the Cisco command(s) which do what you're

trying to describe?

It's called Port Mirroring or SPAN.
http://www.cisco.com/warp/public/473/41.html.

Almost all (good) switches have that functionality, you just need to
find it.

CAT1900 Example
http://www.effetech.com/help/cisco-span.htm


Shawn Jackson
Systems Administrator
Horizon USA
1190 Trademark Dr #107
Reno NV 89521

www.horizonusa.com
Email: sjackson () horizonusa com
Phone: (775) 858-2338
       (800) 325-1199 x338

----------------------------------------------------------------------- ---- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------- -----



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault