You're both right.  Normally plugged into the switch you only see traffic
passing through the port on the switch you're on.

HOWEVER, you can plug into most switches with a special configuration that
allows a workstation to sniff all packets on that switch.  It requires 2
NICs configured in a specific way and for the switch to support it.  Switch
needs to have VLANs mirrored, a regular TCP/IP port plugged in, and the 2nd
NIC configured according to documentation of your sniffer.

Here's a link for how Sniffer Pro does it:
http://www.findarticles.com/cf_0/m0IFW/16_21/54434926/p2/article.jhtml?term=
See previous page on that article for a little more info.

I did this once and it worked like a charm after I finally gave in & read
the docs ;)

SO, unless they have access to the switch & VLAN configuration, they can't.
That is, unless the uplink for the switch has a hub.  Then you can see
anything going into or out of the switch, but not within the switch from
port-port  ;)

Allen
----- Original Message -----
From: "NetEng" <[EMAIL PROTECTED]>
Newsgroups: groupstudy.cisco
To: <[EMAIL PROTECTED]>
Sent: Wednesday, March 21, 2001 3:45 PM
Subject: Whew! Can you smell that VLan?


> We have had a pissing match lately and here's the details. One person states
> that a VLan can not be sniffed because it is on a different subnet. The
> other person says it can because it's physically on the same switch. I think
> you can to a point. Here's what I mean; let's say we have a 3524 with two
> Vlans, VLAN1 (we'll call it InfoSys), and VLAN2 (called HR). If I have a
> sniffer running on InfoSys, I should be able to sniff traffic on my subnet
> as well as traffic from HR to InfoSys (i.e. HR employee accessing mail server
> on InfoSys), right? The only difference is that the source MAC address would
> change. I should not be able to sniff traffic local to HR (i.e. an employee
> accessing accounting software) right? What's the rub?
>
> _________________________________
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
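
The switch behaviour discussed in this thread, as an added example that is not part of either message: a toy Python model of a VLAN-aware learning switch, showing what a sniffer on an InfoSys access port receives with and without port mirroring. The port numbers, the host names standing in for MAC addresses, and mirror port 9 are constructed for illustration.

```python
from collections import defaultdict

BCAST = "ff:ff:ff:ff:ff:ff"

class Switch:
    """Toy VLAN-aware learning switch; ports and MAC names are constructed."""
    def __init__(self, port_vlan, mirror_src=(), mirror_dst=None):
        self.port_vlan = port_vlan          # access port -> VLAN id
        self.mirror_src = set(mirror_src)   # ports whose traffic is copied
        self.mirror_dst = mirror_dst        # capture port receiving the copies
        self.mac_table = {}                 # (vlan, mac) -> port
        self.seen = defaultdict(list)       # port -> frames delivered to it

    def receive(self, in_port, src, dst, note):
        vlan = self.port_vlan[in_port]
        self.mac_table[(vlan, src)] = in_port        # learn the sender
        out = self.mac_table.get((vlan, dst))
        if dst == BCAST or out is None:              # flood, but only inside the VLAN
            targets = {p for p, v in self.port_vlan.items() if v == vlan}
        else:
            targets = {out}                          # known unicast: one port only
        targets.discard(in_port)
        if self.mirror_dst is not None and ({in_port} | targets) & self.mirror_src:
            targets.add(self.mirror_dst)             # copy mirrored traffic
        for p in targets:
            self.seen[p].append(note)

def capture(mirror_src=()):
    """Return (frames at the sniffer's normal port 3, frames at mirror port 9)."""
    # VLAN 1 = InfoSys: mail p1, router p2, sniffer p3. VLAN 2 = HR: PC p4, acct p5, router p6.
    sw = Switch({1: 1, 2: 1, 3: 1, 4: 2, 5: 2, 6: 2}, mirror_src, mirror_dst=9)
    hosts = {1: "mail", 2: "rtr-infosys", 3: "sniffer", 4: "hr-pc", 5: "acct", 6: "rtr-hr"}
    for port, mac in hosts.items():                  # every host announces itself once
        sw.receive(port, mac, BCAST, f"bcast from {mac}")
    sw.seen.clear()                                  # ignore the learning phase
    sw.receive(4, "hr-pc", "acct", "HR-local: hr-pc -> acct")
    sw.receive(4, "hr-pc", "rtr-hr", "HR side: hr-pc -> rtr-hr")
    # The router forwards into InfoSys; the frame now carries the router's source MAC.
    sw.receive(2, "rtr-infosys", "mail", "routed: rtr-infosys -> mail")
    return sw.seen[3], sw.seen[9]

if __name__ == "__main__":
    print("no mirroring:      ", capture())
    print("mirror mail port 1:", capture(mirror_src={1}))
    print("mirror HR ports:   ", capture(mirror_src={4, 5}))
```

Once the MAC table is populated, the sniffer's ordinary port receives none of the three unicast frames; only the mirror port does, and only for the source ports it is configured to copy.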
