On Thu, 2004-03-25 at 14:19, Paul Blackstone wrote:
Or unless the person uses something like D-Sniff or one of the other similar
From: Andrew Shore [mailto:andrew.shore () holistecs com]
Sent: Thursday, March 25, 2004 4:15 AM
To: Shawn Jackson; Patrick Toomey
Cc: security-basics () securityfocus com; ksaenz () spinaweb com au;
gillettdavid () fhda edu
Subject: RE: Caching a sniffer
A switch is not a hub/router. In fact it is a micro segmented bridge.
A switch operates at layer 2 of the OSI model ie MAC address layer.
If a device is plugged into a switch port it will only see traffic sent
to it (and broadcasts) it will not be able to see all the traffic on the
network, ie between other PCs and the servers.
I'm sorry, I would have to completely disagree with that last statement. A nice little
utility called "ettercap" will sniff all connections whether it be router
or switch or hub. It has a lot of other nice features as well, like packet injection, kill
connections, and will collect passwords, SSH1, HTTPS, etc.
Not hard to find, just google for ettercap.