Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Penetration Testing: RE: arpspoofing

RE: arpspoofing

From: Lee Brotherston <lee.brotherston_at_uk.easynet.net>
Date: Fri, 8 Feb 2002 17:33:44 -0000

| Any other ways to sniff in a switched enviorment?

There are a couple of other ways to sniff traffic on a switched network
assuming you have physical access to network:

- Alot of switches these days have the option of configuring a mirror port.
This port get's duplicates of traffics from all other ports. So you can see
everything. This port does get the aggregate of the others remember, so it
will be high bandwidth.

- You could place a machine on the networks' uplink running in bridging
mode. Doing this you will only see traffic that is going over the uplink
however, as local traffic will be sent via the switch only, and will not
touch the uplink. And you have the downside of causing an outage when you
install/remove the machine.

Thanks

  Lee 

-- 
Lee Brotherston  -  IP Security Manager, Easynet Ltd
http://www.easynet.net/         Phone: +44 20 7900 4444
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Received on Feb 11 2002
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]