Security Basics mailing list archives

RE: Caching a sniffer
From: "Shawn Jackson" <sjackson () horizonusa com>
Date: Wed, 24 Mar 2004 08:24:45 -0800

It was my understanding that port mirroring was introduced because of
the inherent differences between a switched environment and a hub


If someone is running a sniffer on your switched network and has the
to login to your switch, enable port mirroring, and sniff data, you
much bigger problems than just having a rogue sniffer on the network.

Incorrect. A switch is basically a hub and router in one. You can flood
MAC address table of the switch, where it decides what port has what
on it so it knows what port to route the traffic to. Once the table is
switches then 'turn-off' the routing/switching systems and the switch
becomes a hub. There is a program called macoff that does this. So you
need to have access to the switch to sniff the entire network.

Shawn Jackson
Systems Administrator
Horizon USA
1190 Trademark Dr #107
Reno NV 89521

Email: sjackson () horizonusa com
Phone: (775) 858-2338
       (800) 325-1199 x338
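
Added example, not part of the original message: a defender-side check for the MAC table flooding described above, which flags a switch port that suddenly sources far more never-before-seen MAC addresses than a normal access port would. The event format, port names, window and threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

# Constructed sample: (seconds, switch port, source MAC), as a switch's
# MAC-learning log or a monitoring sensor might report them (assumed format).
def sample_events():
    events = [(0.0, "Gi0/1", "00:11:22:33:44:01"),
              (0.5, "Gi0/2", "00:11:22:33:44:02"),
              (1.0, "Gi0/1", "00:11:22:33:44:01")]
    # Port Gi0/7 sources 300 never-seen MACs within about 3 seconds.
    for i in range(300):
        mac = "02:00:00:00:%02x:%02x" % (i >> 8, i & 0xFF)
        events.append((2.0 + i * 0.01, "Gi0/7", mac))
    events.append((6.0, "Gi0/2", "00:11:22:33:44:02"))
    return sorted(events)

def detect_mac_flood(events, window=5.0, max_new_macs=50):
    """Return {port: first alert time} for ports that introduce more than
    max_new_macs previously unseen source MACs within `window` seconds."""
    seen = defaultdict(set)      # port -> every source MAC seen so far
    recent = defaultdict(deque)  # port -> times of first sightings in window
    alerts = {}
    for ts, port, mac in events:
        if mac in seen[port]:
            continue             # known station: the table is not growing
        seen[port].add(mac)
        q = recent[port]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()          # forget first sightings older than the window
        if len(q) > max_new_macs and port not in alerts:
            alerts[port] = ts    # record only the first crossing per port
    return alerts

if __name__ == "__main__":
    for port, ts in detect_mac_flood(sample_events()).items():
        print(f"possible MAC table flood on {port} at t={ts:.2f}s")
```

Counting only first sightings per port keeps a busy but stable host from triggering the alert; the threshold should sit well above the number of stations legitimately expected behind one port.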
