>   ... but when watching the protocol analyzer I see ...

IMHO these days Ethernet eavesdropping really isn't much of an issue (despite
conventional wisdom:-). Much more dangerous are spyware/trojan keyloggers;
server penetration is another danger.

Eavesdropping on all network traffic from any connection used to be a big 
problem when network hubs repeated all traffic everywhere. Although Ethernet 
has changed hugely, the old paranoia remains. Any modern device is 
a "switch" (not a "hub") and only directs traffic to the one port it's destined 
for, so nobody else can eavesdrop.

Of course even with "switches" you should take some reasonable precautions:
 1) Ensure whatever you do to get your sniffer to work is inaccessible to 
users. 
 2) Keep all network infrastructure physically inaccessible, perhaps by locking 
the wiring closets.
 3) Restrict (password protect and more) and monitor "remote" access to all 
network infrastructure devices. 
 4) Keep all servers (Squid, etc.) physically inaccessible.
 5) Severely restrict (or disallow altogether) "remote" access to all servers 
(ex: only SSH and never as root and only with a public/private key). 
 6) Avoid using those cheap "mini-hubs" (often 5-port) unless you're sure your
model really functions as a switch despite its name.

thanks! -Chuck Kollars
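
Added example, not part of the original message: a small Python audit of sshd_config text against precaution 5 (SSH only, never as root, key-based login only). The sample configurations are constructed, the function names are hypothetical, and the defaults assumed for absent keywords are those of current OpenSSH.

```python
# Added example: check the global section of an sshd_config against
# "never as root and only with a public/private key".
# Assumption: absent keywords take current OpenSSH defaults.
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
}
REQUIRED = {
    "permitrootlogin": "no",
    "passwordauthentication": "no",
    "pubkeyauthentication": "yes",
}

def effective_globals(config_text):
    """Global settings only; sshd keeps the FIRST value seen per keyword."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # sshd accepts "Keyword value" and "Keyword=value"
        parts = line.replace("=", " ", 1).split()
        key = parts[0].lower()
        if key == "match":
            break  # everything after Match is conditional, not global
        if len(parts) > 1:
            seen.setdefault(key, parts[1].strip('"').lower())
    return {k: seen.get(k, default) for k, default in DEFAULTS.items()}

def audit(config_text):
    """Return one finding per keyword that deviates from REQUIRED."""
    eff = effective_globals(config_text)
    return [f"{k}: found '{eff[k]}', want '{want}'"
            for k, want in REQUIRED.items() if eff[k] != want]

# Constructed samples. In WEAK the second PermitRootLogin is ignored
# (first value wins) and the Match block does not change global policy.
WEAK = """Port 22
PermitRootLogin yes
PermitRootLogin no
Match User backup
    PasswordAuthentication no
"""
HARDENED = "PermitRootLogin no\nPasswordAuthentication no\nPubkeyAuthentication yes\n"

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(text) or "ok")
```

Match-block overrides and keyboard-interactive authentication are not evaluated here; on a live host, `sshd -T` prints the effective configuration.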


      
