2 reasons off the top of my head: 1) Port your in is a SPAN port for some reason. 2) There is a way to flood a switch with data, forcing it to revert back to a hub. Thus allowing a hacker to map your net.
If #2 is it, you may have other problems to research :) -----Original Message----- From: SB CH [mailto:chulmin2@;hotmail.com] Sent: Tuesday, October 08, 2002 10:03 PM To: [EMAIL PROTECTED] Subject: Why can I see other traffic at switch environment just tcpdump? Hello, all I have operated linux server at switch environment, and just with tcpdump, I can see some other traffic whic is not related with me without any other tool or trick. it means that I can sniff traffic without special sniffing tool at the switch , right? is it possible? but it's ture. for example, # tcpdump port 80 15:03:42.681171 eth0 P 211.47.130.114.1131 > 211.47.1.55.www: S my system has no relations with 211.47.130.114 or 211.47.1.55. just switch connected together with 211.47.1.55. Thanks in advance. _________________________________________________________________ MSN Messenger�� �ٿ�ε��Ͽ� �¶��λ� �ִ� ģ���� ��ȭ�� ��������. http://messenger.msn.co.kr
