by Kris Kielhofn » Thu, 10 Jan 2002 03:53:21
Thanks,
Kris
by jose » Thu, 10 Jan 2002 04:21:04
the other options are to flood the switch with false MAC addresses (see
dsniff's macof tool) to have it flood its tables and revert to
forwarding all traffic to all ports or to arpspoof the target you wish
to observe so the switch will send the data to two ports and not just
one.
by Derick Siddow » Thu, 10 Jan 2002 04:21:56
You are correct. Sniffing only works on shared segments, such asQuote:> I have always wondered, what happens when you put an ethernet adapter
> that is on a switched LAN into promiscuous mode (as with tcpdump),
> does it still recieve all of the LAN's ethernet traffic? I would
> think that it wouldn't as the switch wouldn't know to send data to
> that MAC address that is destined for another. Am I right on this?
--
Derick Siddoway II. Impact Non-privileged primitive users can
fleet and gain unauthorized access to files.
-- CERT Advisory CA-96.13
by Berk S. Daemo » Thu, 10 Jan 2002 04:35:41
Won't listen to all traffic other than the 'port' you're on.Quote:> I have always wondered, what happens when you put an ethernet adapter
> that is on a switched LAN into promiscuous mode (as with tcpdump),
> does it still recieve all of the LAN's ethernet traffic? I would
> think that it wouldn't as the switch wouldn't know to send data to
> that MAC address that is destined for another. Am I right on this?
> Thanks,
> Kris
Although, if you want to sniff a switched environment, check out dsniff's
suite of tools. Developed by Dug Song, www.monkey.org/~dugsong/dsniff/ I
believe is the URL. He's one of the OpenBSD developers, so on his ftp he has
lots of goodies too.
There are various ways to sniff switched network, and people who believe
switched networks are more secure, are simply wrong.
Regards!
by jp » Thu, 10 Jan 2002 05:03:55
I believe switched networks make sniffing slightly more difficult. Just notQuote:> There are various ways to sniff switched network, and people who believe
> switched networks are more secure, are simply wrong.
--
j p d (at) d s b (dot) t u d e l f t (dot) n l .
1. Promiscuous mode ethernet adapters
The 3COM 3C509 with the correct driver will support prom. mode. It is
required for Lanalyzer for Windows.
scd
____________________________________
Stephen C. Dickey
Corbett Systems Development
PO Box 2347
Colorado Springs, CO 80901-2347
303.674.0700 voice
719.520.9092 voice
719.633.8594 fax
____________________________________
3. Ethernet interface in promiscuous mode without ip adress.
5. Network Promiscuous Mode Ethernet Detector software?
6. Is server speed adjustable?
7. ethernet card in promiscuous mode with aDSL routers
8. Turning off ethernet promiscuous mode (Was: [SUMMARY] identd for Indy/IRIX 5.3)
9. PCMCIA Ethernet & promiscuous mode
10. Ethernet card promiscuous mode
11. Sun ethernet in promiscuous mode? Really?
12. Turning off ethernet promiscuous mode