UGH.. OK.. Last time we should go over sniffing a switched lan on this list. People.. read the archive!
ethereal is just a sniffer. Any sniffer will sniff the wire. Not all sniffers will do the appropriate measures to allow you to see ALL packets going through your switch. Safest method: Get into the switch and setup one port to be a mirror or monitor port which will show all traffic on all designated ports on the mirror port. Plug ANY sniffer into that port and turn it on. You can now sniff that entire switch. Not as safe method: Flood the switch with a whole mess of spoofed ARP packets with random MAC addresses. Many switches will die and go into "hub" mode and you can then see all traffic. Not as safe method B: (My preferred method) Use any arpspoofing program to masquerade yourself as the default gateway (or the machine you want to sniff). Make sure you have routing turned on so that you then pass the packets you sniff to their rightful owner. If you don't do this correctly you will essentially knock the machine you are trying to sniff off the wire for a while. If that turns out to be the gateway have fun explaining this to your system administrator :) Last but DEFINITELY not least get dsniff. www.monkey.org/~dugsong/dsniff Read all the documentation and have fun sniffing your switch. --The Crocodile --www.ghettohackers.net ----- Original Message ----- From: "None" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, October 26, 2001 2:17 PM Subject: Re: Packet Sniffing in a Switched LAN > www.ethereal.com > > will capture packet/segment/frame...anything sent on the wire > many option and filters... > > ----- Original Message ----- > From: "Jacques Chicourel Nunes Vaz - BA" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, October 25, 2001 1:33 PM > Subject: Packet Sniffing in a Switched LAN > > > Hi folks, > > I have a Lan with 200 desktops and IŽd like to sniff it. What tool can I use > to see all the packets ( going and coming ) ? > Any suggestions ? > > Regards, > > Jacques > >
