2 reasons off the top of my head: 1) Port your in is a SPAN port for some reason. 2) There is a way to flood a switch with data, forcing it to revert back to a hub. Thus allowing a hacker to map your net.
If #2 is it, you may have other problems to research :) -----Original Message----- From: SB CH [mailto:chulmin2@;hotmail.com] Sent: Tuesday, October 08, 2002 10:03 PM To: [EMAIL PROTECTED] Subject: Why can I see other traffic at switch environment just tcpdump? Hello, all I have operated linux server at switch environment, and just with tcpdump, I can see some other traffic whic is not related with me without any other tool or trick. it means that I can sniff traffic without special sniffing tool at the switch , right? is it possible? but it's ture. for example, # tcpdump port 80 15:03:42.681171 eth0 P 211.47.130.114.1131 > 211.47.1.55.www: S my system has no relations with 211.47.130.114 or 211.47.1.55. just switch connected together with 211.47.1.55. Thanks in advance. _________________________________________________________________ MSN Messenger¸¦ ´Ù¿î·ÎµåÇÏ¿© ¿Â¶óÀÎ»ó¿¡ Àִ ģ±¸¿Í ´ëȸ¦ ³ª´©¼¼¿ä. http://messenger.msn.co.kr