Re: sniffing packets on a switch

["Kenzo" <kenzo_chin () hotmail com>]

Good Point, I tried using it at home and at work and yes, it totally crates
lags.
The performance downgrade is easily noticable to the point that some apps at
the host you're sniffing will time out or give some error message.
Otherwise it's cool to play with.
I would recoment using a Spanning port if possible.


----- Original Message -----
From: "Fields, James" <James.Fields () bcbsfl com>
To: "'Scott Borre'" <sfborre () yahoo com>; <security-basics () securityfocus com>
Sent: Monday, March 10, 2003 6:44 AM
Subject: RE: sniffing packets on a switch


> Several posters have replied recommending you use Ettercap.  I strongly
urge
> you NOT to do this if you are on a corporate network.  Ettercap attempts
to
> defeat the normal behavior of the switched environment using something
> called "arp poisoning" to trick hosts on the switch into sending you their
> packets.
>
> Use of Ettercap may cause degraded performance of the sniffed hosts or the
> subnet in general, especially if it is a busy subnet.  At my company this
> would grounds for immediate termination and possibly legal action.
>
> -----Original Message-----
> From: Scott Borre [mailto:sfborre () yahoo com]
> Sent: Friday, March 07, 2003 6:55 PM
> To: security-basics () securityfocus com
> Subject: sniffing packets on a switch
>
> I am interested in what people recommend using to
> sniff packets on a switch. I have heard that TCPdump
> has some problems doing this. Thank you ahead of the
> time for any assistance.
>
> Scott Borre
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Tax Center - forms, calculators, tips, more
> http://taxes.yahoo.com/
>
>
>
> Blue Cross Blue Shield of Florida, Inc., and its subsidiary and
> affiliate companies are not responsible for errors or omissions in this
e-mail message. Any personal comments made in this e-mail do not reflect the
views of Blue Cross Blue Shield of Florida, Inc.
>