RE: Caching a sniffer

["Shawn Jackson" <sjackson () horizonusa com>]

> > If someone is running a sniffer on your switched network and has the
ability
> > to login to your switch, enable port mirroring, and sniff data, you
> > have much bigger problems than just having a rogue sniffer on the
network.
> > Incorrect. A switch is basically a hub and router in one.

> Routers work on layer 3, not layer 2.

Correct, but there are numerous functions on a switch that operate at
Layer 3
in addition to frame forwarding at Layer 2. Switches can perform IP
based decisions
(ACL's, etc) that operate at the 3rd layer of the OSI model, which
doesn't negate
what I stated. Though a switch is not exclusively a layer 2 device,
neither is a
router exclusively a layer 3 device to hold a IP-to-MAC ARP cache. Most
devices 
have core functionality across multiple layers of the OSI and DOD
models, but terms 
like Switches or Router don't point to a core functionality at a
specific layer, but 
rather a action the device performs, i.e. a router routes data across 
different interfaces much like a switch 'routes' data across interfaces
(switch-ports).

Shawn Jackson
Systems Administrator
Horizon USA
1190 Trademark Dr #107
Reno NV 89521

www.horizonusa.com
Email: sjackson () horizonusa com
Phone: (775) 858-2338
       (800) 325-1199 x338

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------