Home page logo

basics logo Security Basics mailing list archives

RE: Caching a sniffer
From: "Shawn Jackson" <sjackson () horizonusa com>
Date: Wed, 24 Mar 2004 17:36:51 -0800

If someone is running a sniffer on your switched network and has the
to login to your switch, enable port mirroring, and sniff data, you
have much bigger problems than just having a rogue sniffer on the
Incorrect. A switch is basically a hub and router in one.

Routers work on layer 3, not layer 2.

Correct, but there are numerous functions on a switch that operate at
Layer 3
in addition to frame forwarding at Layer 2. Switches can perform IP
based decisions
(ACL's, etc) that operate at the 3rd layer of the OSI model, which
doesn't negate
what I stated. Though a switch is not exclusively a layer 2 device,
neither is a
router exclusively a layer 3 device to hold a IP-to-MAC ARP cache. Most
have core functionality across multiple layers of the OSI and DOD
models, but terms 
like Switches or Router don't point to a core functionality at a
specific layer, but 
rather a action the device performs, i.e. a router routes data across 
different interfaces much like a switch 'routes' data across interfaces

Shawn Jackson
Systems Administrator
Horizon USA
1190 Trademark Dr #107
Reno NV 89521

Email: sjackson () horizonusa com
Phone: (775) 858-2338
       (800) 325-1199 x338

Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]