I made use of arpspoof(guess is part of dsniff utility) to sniff the switch.This utility is freeware and can be downloaded.Span and tap are other methods of sniffing a switch.
icmpredirectsend utility from princeton is another utility to sniff a particular host.http://www.net.princeton.edu Cheers ----- Original Message ----- From: cpmurphyiii <[EMAIL PROTECTED]> Date: Thursday, March 13, 2003 10:09 am Subject: RE: sniffing packets on a switch > Brad, > > You can try to use ettercap. It can be found at at.net/projects/ettercap/?topic_id=150%2C43. Very good > utility. Set up a MITM PC running Linux. You will sniff all nodes on > the segment. The tool even offers an ARP poisoning option, which will > allow you to interject your own packets into the transmission. > > -----Original Message----- > From: Brad Davenport [mailto:[EMAIL PROTECTED] > Sent: Tuesday, March 11, 2003 1:19 PM > To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED] > Subject: RE: sniffing packets on a switch > > On Cisco's switches you can use the SPAN feature to send a mirror of > data > received on a given port to another port. > > IE, your firewall port is spanned to another switchport to allow your > IDS to > sample all incoming data destined for the trusted net. > > --BD > > -----Original Message----- > From: David Gillett [mailto:[EMAIL PROTECTED] > Sent: Monday, March 10, 2003 11:02 AM > To: [EMAIL PROTECTED] > Subject: RE: sniffing packets on a switch > > Do you know what kind of problems? > > The most obvious problem with doing this is that, by > default, your sniffer machine's port on the switch will > only be sent traffic that is either broadcast, or addressed > specifically to the sniffer host. > Most switches offer a way that the switch administrator > can direct that traffic for one or more other ports be > copied to the sniffer's port. That's not a sniffer > program issue. > > There *are* ways to try that may make this happen if > you don't have administrative access to the switch, and > there might even be some tools around that automate > such measures. But on most well-run networks, people > without admin access to things like switches are also not > authorized to be running sniffers, so let's not go there > in a public forum.... > > David Gillett > > > > -----Original Message----- > > From: Scott Borre [mailto:[EMAIL PROTECTED] > > Sent: March 7, 2003 15:55 > > To: [EMAIL PROTECTED] > > Subject: sniffing packets on a switch > > > > > > I am interested in what people recommend using to > > sniff packets on a switch. I have heard that TCPdump > > has some problems doing this. Thank you ahead of the > > time for any assistance. >
