Just a warning after reading Klone's statement that you can't see other
traffic on a switch; apologies to those of you who know this already...
If a switch is bombarded with false MAC addresses, then when it fills its MAC
address tables it is possible on some kit to force the switch to forward on
all ports, hence Jose Nazario's response.
Be wary of broadcast storms on your network; this may not be desirable!!
Another useful link, by the way, is:
http://lin.fsid.cvut.cz/~kra/index.html
8<----------ORIGINAL MESSAGE------------>8
On Fri, 12 Jan 2001, Palis Michael wrote:
>Where do you put a sniffer on a switched LAN? I am trying to capture
>what is happening on a LAN but I cannot see all activity if I put the
>sniffer on a port on a switch.
>Any suggestion?
set up a reflector port on the switch. if you can't do that on your
switch, get a better switch. barring that, abuse it using macof or other
ARP spoofing tools.
see dsniff (http://www.monkey.org/~dugsong/dsniff/) for some info on
sniffing on a switch.
____________________________
jose nazario [EMAIL PROTECTED]
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
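
Added example, not part of the original messages: a defender-side check for the MAC table flooding described above. It flags any switch port that introduces an unusually large number of never-before-seen source MAC addresses in a short window. The event layout, port names, window and threshold are assumptions made for this sketch, and the sample data is constructed.

```python
from collections import defaultdict, deque

# Constructed sample of "MAC learned" events: (seconds, switch port, source MAC).
# This record layout is an assumption for the example, not a real switch log format.
def sample_events():
    events = [(0.0, "port1", "00:11:22:33:44:55"),
              (1.0, "port2", "00:11:22:33:44:66"),
              (30.0, "port1", "00:11:22:33:44:55")]
    # port7 presents 300 previously unseen source MACs within three seconds
    events += [(10.0 + i * 0.01, "port7",
                "02:00:00:00:%02x:%02x" % (i >> 8, i & 0xFF))
               for i in range(300)]
    return sorted(events)

def find_flooding_ports(events, window=5.0, max_new_macs=50):
    """Return {port: time of first alert} for ports that introduce more than
    max_new_macs never-before-seen source MACs within `window` seconds."""
    seen = defaultdict(set)       # port -> every MAC already learned on it
    recent = defaultdict(deque)   # port -> timestamps of recent new-MAC events
    alerts = {}
    for ts, port, mac in events:
        if mac in seen[port]:
            continue              # a known host talking again is not a new entry
        seen[port].add(mac)
        q = recent[port]
        q.append(ts)
        # Drop new-MAC events that have aged out of the sliding window.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > max_new_macs and port not in alerts:
            alerts[port] = ts
    return alerts

if __name__ == "__main__":
    for port, ts in find_flooding_ports(sample_events()).items():
        print("possible MAC flooding on %s at t=%.2fs" % (port, ts))
```

On managed switches, a per-port limit on the number of learned MAC addresses enforces the same bound in the switch itself.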