Or, to expand the question further, for a Windows-based sniffer, does the Promiscuous Mode driver block even NetBIOS chatter from transmitting on the NIC plugged into the SPAN Switch Port??
I've never paid attention to data captures for that, but I think that a Windows-based sniffer would give itself away by means of its NetBIOS broadcast to identify itself with other Windows clients. If that occurred, then I think the Port Security would come into action.

Priscilla, care to comment?!?!

Mark

-----Original Message-----
From: Kevin Wigle [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 17, 2002 2:25 PM
To: [EMAIL PROTECTED]
Subject: Re: Port Security on 3550 [7:53446]

well I guess we're mixing up directions...........

yes incoming from a device attached to a port on the switch.

which would still help him but wouldn't be perfect.

no, the port wouldn't shut down if a promiscuous mode NIC was plugged in. It would receive everything.

but that PC would not be able to send anything - to do so the switch would learn its MAC - which wouldn't match and the port would shut down.

But consider this.......

what info is passed between the switch and the NIC so that the Link light goes on? I don't know... will the switch still learn the MAC even if "real" traffic is not passed?

Kevin Wigle

----- Original Message -----
From: "Sasa Milic"
To:
Sent: Tuesday, September 17, 2002 2:40 PM
Subject: Re: Port Security on 3550 [7:53446]

> Kevin,
>
> port security works by monitoring INCOMING traffic to the switch.
> If source MAC in incoming packets is not the one configured, port
> is either blocked or SNMP trap is sent.
>
> And what if another computer uses the port without sending any
> traffic (just capturing traffic, without sending anything)?
> Switch won't shut it down.
>
> Sasa
>
> Kevin Wigle wrote:
> >
> > well I think port security would still be helpful. Port security is
> > concerned with outgoing traffic from the port not incoming.
> >
> > setting the security to allow only one MAC would prevent another computer
> > from using the port.
> >
> > If another computer tried to use the port with the wrong MAC then the port
> > would shut down after 90 seconds.
> >
> > Kevin Wigle
> >
> > ----- Original Message -----
> > From: "Sasa Milic"
> > To:
> > Sent: Tuesday, September 17, 2002 1:20 PM
> > Subject: Re: Port Security on 3550 [7:53446]
> >
> > > With "port security" command, but it won't help you. Anyone
> > > can connect passive sniffer to that port, and switch won't
> > > block the port since there is no incoming traffic (you
> > > will configure port to be SPAN, right? So anyone can sniff
> > > on that port).
> > >
> > > Sasa
> > >
> > >
> > > JohnZ wrote:
> > > >
> > > > How do you enable port security on a 3550. I want to use a port for sniffer
> > > > and want to make sure that only my laptop is able to gain access on that
> > > > certain port.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=53507&t=53446
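
Added example, not part of the original thread: a small Python model of the behaviour the posters describe, where the source MAC is checked only on frames the attached device sends into the switch, so a receive-only sniffer is never noticed while a single transmitted broadcast trips the port. The class, function and event names are hypothetical, the MAC addresses are constructed, and the model follows the thread's description rather than actual Catalyst 3550 behaviour.

```python
# Simplified model (added example; class and function names are hypothetical).
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    allowed_mac: str                 # the one source MAC configured as secure
    action: str = "shutdown"         # "shutdown" blocks the port, "trap" only reports
    blocked: bool = False
    delivered: list = field(default_factory=list)   # frames sent out to the device
    traps: list = field(default_factory=list)       # offending source MACs reported

    def to_device(self, frame: str) -> None:
        """Switch -> device (e.g. mirrored SPAN traffic); no source-MAC check applies."""
        if not self.blocked:
            self.delivered.append(frame)

    def from_device(self, src_mac: str) -> bool:
        """Device -> switch; the only direction in which the source MAC is inspected."""
        if self.blocked:
            return False
        if src_mac.lower() == self.allowed_mac.lower():
            return True
        self.traps.append(src_mac.lower())
        if self.action == "shutdown":
            self.blocked = True
        return False

def replay(port: SecurePort, events):
    """Apply ("rx", src_mac) / ("tx", frame) events in order and return the port."""
    for kind, value in events:
        if kind == "rx":
            port.from_device(value)
        else:
            port.to_device(value)
    return port

# Constructed sample data: MAC addresses and frame labels are made up.
LAPTOP, OTHER = "00:11:22:33:44:55", "00:aa:bb:cc:dd:ee"
MIRRORED = [("tx", f"mirrored-{i}") for i in range(3)]

# A receive-only sniffer with the wrong MAC never sends, so nothing is checked.
silent = replay(SecurePort(LAPTOP), MIRRORED)
# A host that emits one broadcast (such as a NetBIOS announcement) is caught at once.
chatty = replay(SecurePort(LAPTOP), MIRRORED[:1] + [("rx", OTHER)] + MIRRORED[1:])
# The configured laptop may transmit freely.
owner = replay(SecurePort(LAPTOP), [("rx", LAPTOP)] + MIRRORED)

if __name__ == "__main__":
    for name, p in (("silent", silent), ("chatty", chatty), ("owner", owner)):
        print(name, "blocked:", p.blocked, "delivered:", len(p.delivered), "traps:", p.traps)
```

In this model the silent device receives every mirrored frame, which is the gap Sasa points out: the MAC check alone cannot tell a passive listener from the intended laptop.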