Security Basics mailing list archives
Re: Network sniffing on the wire - managed switches
From: Tom Yarrish <tom () yarrish com>
Date: Mon, 29 Dec 2008 21:44:43 -0600
On Dec 29, 2008, at 11:21 AM, Burton Strauss III wrote:
> That's what mirror mode or span mode (different switch vendors call it different things) does for you. Or you need a physical tap (cost about $1K).
> -----Burton
>
> -----Original Message-----
> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com ] On Behalf Of Tom Yarrish
> Sent: Friday, December 26, 2008 1:11 PM
> To: security-basics () securityfocus com
> Subject: Network sniffing on the wire - managed switches
>
> Hey all,
> This may come off as somewhat of a newbie question, but it's one I've been curious about. When you are doing any sort of pen testing or sniffing on the wire, how do you handle a managed switch scenario? If you're connected to a switch on one port, how can you monitor the traffic on the other ports if you're not in a monitor mode? I've never understood how you can sniff traffic other than the traffic from your machine to a destination.
> Thanks ahead of time,
> Tom
Thanks to all for the replies. I got the info I was looking for, but I don't think I worded my question well enough. I was aware of how to configure the switch to monitor the other ports on it; what I was thinking about was a pen testing scenario, where you are hired to test out a company's security. So you're going at it in a covert way, for example sitting in the lobby and plugging an AP into a network jack and then sitting out in the car in the parking lot and "seeing what's out there." (Again, that's just an example of what I was looking for.)
Most security testing I've done I've had access to the switch or at least worked with the network people so it hasn't been an issue. And this wasn't for any particular project, it was just one of those questions in the back of my mind. And if you don't ask the question you never find out the answer (even if it's a n00b one).
Thanks again everyone.
Tom
