Security Basics mailing list archives
RE: Sniffing
From: "Timothy Donahue" <tdonahue () Haynes-Group com>
Date: Mon, 15 Dec 2003 14:04:24 -0500
Inline.
From: Shah H (Comp) [mailto:03004309 () glam ac uk]

I'm not an expert in the Security Arena like many of the guys on this group & wanted some information about Sniffer Programs solely for educational purposes.

1) On a Switched Network can Sniffers capture Network Traffic only for the switch it is connected to or for all the switches on the network?
None of the above. Sniffers on a switched network can only capture information destined for the MAC address of the NIC attached to the switch. Only traffic for that MAC will be delivered. On more advanced switches, i.e. managed switches from Cisco or HP, you can assign a "span port" that will allow you to mirror the traffic from one port to another. This would allow you to sniff the traffic destined for that port. There are some sniffers which claim to be able to defeat this by using ARP storms, but they are extremely dangerous applications. They can lead to DoS situations, and bring normally fast networks to their knees. (Many companies also list unauthorized sniffing as an offense that an employee can be terminated for.)
2) Can Sniffing be detected using a Network Intrusion Detection System and if yes then are there any Sniffing ways which are not detected by NIDS?
A correctly configured passive sniffer? No, probably not. But you never know.

Tim Donahue
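Added example, not part of the original message: unlike a passive sniffer, the ARP-based sniffers mentioned in the reply put traffic on the wire, so a monitor can flag them from ARP replies alone. The sketch below checks (timestamp, IP, MAC) records for changed IP-to-MAC bindings and for a MAC sending replies at an unusual rate; the function name, thresholds and sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (timestamp in seconds, sender IP, sender MAC) taken
# from ARP replies seen on one segment. Addresses are documentation values.
SAMPLE_ARP_REPLIES = [
    (0.0,  "192.0.2.1",  "00:11:22:33:44:01"),   # gateway, normal
    (1.0,  "192.0.2.10", "00:11:22:33:44:10"),   # workstation, normal
    (30.0, "192.0.2.1",  "00:11:22:33:44:01"),
    (60.0, "192.0.2.1",  "02:00:00:00:00:99"),   # gateway IP claimed by a new MAC
    (60.5, "192.0.2.10", "02:00:00:00:00:99"),
    (61.0, "192.0.2.1",  "02:00:00:00:00:99"),
    (61.5, "192.0.2.10", "02:00:00:00:00:99"),
    (62.0, "192.0.2.1",  "02:00:00:00:00:99"),
    (62.5, "192.0.2.10", "02:00:00:00:00:99"),
]


def analyze_arp(replies, window=10.0, max_per_window=5):
    """Return (binding_changes, noisy_macs) for a list of ARP reply records.

    binding_changes: (ts, ip, old_mac, new_mac) each time an IP moves to a
                     different MAC than the one last seen for it.
    noisy_macs:      sorted MACs that sent more than max_per_window replies
                     within any sliding window of `window` seconds.
    """
    bindings = {}                  # ip -> last MAC seen
    recent = defaultdict(list)     # mac -> timestamps inside the window
    changes, noisy = [], set()
    for ts, ip, mac in sorted(replies):
        known = bindings.get(ip)
        if known is not None and known != mac:
            changes.append((ts, ip, known, mac))
        bindings[ip] = mac
        times = recent[mac]
        times.append(ts)
        while ts - times[0] > window:   # expire timestamps outside the window
            times.pop(0)
        if len(times) > max_per_window:
            noisy.add(mac)
    return changes, sorted(noisy)


if __name__ == "__main__":
    changes, noisy = analyze_arp(SAMPLE_ARP_REPLIES)
    for ts, ip, old, new in changes:
        print(f"{ts:6.1f}s  {ip} moved from {old} to {new}")
    print("high ARP reply rate from:", ", ".join(noisy) or "none")
```

A binding change by itself can be legitimate (a replaced NIC, DHCP reassignment, failover), so treat these signals as alerts to investigate rather than proof.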