Home page logo

basics logo Security Basics mailing list archives

RE: Caching a sniffer
From: "Nero, Nick" <Nick.Nero () disney com>
Date: Thu, 25 Mar 2004 15:47:25 -0500

Great article covering about everything you can do on Layer2 . ..


-----Original Message-----
From: David Gillett [mailto:gillettdavid () fhda edu] 
Sent: Thursday, March 25, 2004 11:21 AM
To: 'Andrew Shore'
Cc: security-basics () securityfocus com
Subject: RE: Caching a sniffer

A switch is not a hub/router. In fact it is a micro segmented bridge.

A switch operates at layer 2 of the OSI model ie MAC address layer. 

  Amen, brother.
Therefore if someone has plugged a scanner into a network point they 
will not be able to sniff any useful information from the network 
unless that person has admin access to the switch. You can check this 
by ensuring that none of the ports on the switches are in span mode

  While you need admin access to set up a span port, Shawn and I have
alluded to two different techniques which can allow non-admin users to
sniff traffic on a switched network.  It's true that neither of these is
quite "normal behaviour" -- they involve using special tools to modify
the behaviour of hosts or switches.  But the tools exist and are readily
available, and so the issue that confronts admins is how to detect
and/or frustrate their use.

David Gillett

Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]