RE: Caching a sniffer

["Shawn Jackson" <sjackson () horizonusa com>]

> It was my understanding  that port mirroring was introduced because of 
> the inherent differences between a switched environment and a hub
environment.

Correct.

> If someone is running a sniffer on your switched network and has the
ability 
> to login to your switch, enable port mirroring, and sniff data, you
have 
> much bigger problems than just having a rogue sniffer on the network.

Incorrect. A switch is basically a hub and router in one. You can flood
the
MAC address table of the switch, where is decides what port has what
MAC's
on it so it knows what port to route the traffic to. Once the table is
full
switches then 'turn-off' the routing/switching systems and the switch
then
becomes a hub. There is a program called macoff that does this. So you
don't
need to have access to the switch to sniff the entire network.

Shawn Jackson
Systems Administrator
Horizon USA
1190 Trademark Dr #107
Reno NV 89521

www.horizonusa.com
Email: sjackson () horizonusa com
Phone: (775) 858-2338
       (800) 325-1199 x338

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------