Security Basics mailing list archives
ethereal capture
From: "Cat Thrasher" <isd607 () co santa-cruz ca us>
Date: Wed, 17 Sep 2003 16:17:39 -0700
Hi, Please advise on my question. I thought when you are sniffing a switched segment, you are only seeing broadcast traffic. I see source Workstation(not the one I am monitoring on)--Dest Webserver inside on my network and protocol http. Please tell me if this is usual. I have ethereal on a laptop. I did a port monitor on a Cisco Switch and captured traffic from one port. (so I thought) I thought I'd only see what the workstation on port fast ethernet 0/ 38 was doing. But like I said above, I see lots of http conversations and tcp conversations where the dest port is not all F's, or 255's. And the source is not the workstation on the port I am monitoring. Thanks alot. Cat Thrasher --------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ----------------------------------------------------------------------------
Current thread:
- ethereal capture Cat Thrasher (Sep 17)
- Re: ethereal capture Matt Simmons (Sep 18)
- Re: ethereal capture ericbrouwers (Sep 22)
- <Possible follow-ups>
- RE: ethereal capture Tenorio, Leandro (Sep 18)
- RE: ethereal capture Hagen, Eric (Sep 18)
- RE: ethereal capture Fields, James (Sep 18)