Security Basics mailing list archives
RE: Caching a sniffer
From: "Shawn Jackson" <sjackson () horizonusa com>
Date: Wed, 24 Mar 2004 17:36:51 -0800
If someone is running a sniffer on your switched network and has the
ability
to login to your switch, enable port mirroring, and sniff data, you have much bigger problems than just having a rogue sniffer on the
network.
Incorrect. A switch is basically a hub and router in one.
Routers work on layer 3, not layer 2.
Correct, but there are numerous functions on a switch that operate at Layer 3 in addition to frame forwarding at Layer 2. Switches can perform IP based decisions (ACL's, etc) that operate at the 3rd layer of the OSI model, which doesn't negate what I stated. Though a switch is not exclusively a layer 2 device, neither is a router exclusively a layer 3 device to hold a IP-to-MAC ARP cache. Most devices have core functionality across multiple layers of the OSI and DOD models, but terms like Switches or Router don't point to a core functionality at a specific layer, but rather a action the device performs, i.e. a router routes data across different interfaces much like a switch 'routes' data across interfaces (switch-ports). Shawn Jackson Systems Administrator Horizon USA 1190 Trademark Dr #107 Reno NV 89521 www.horizonusa.com Email: sjackson () horizonusa com Phone: (775) 858-2338 (800) 325-1199 x338 --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- RE: Caching a sniffer, (continued)
- RE: Caching a sniffer Fernando Gont (Mar 25)
- RE: Caching a sniffer Shawn Jackson (Mar 24)
- RE: Caching a sniffer David Gillett (Mar 24)
- RE: Caching a sniffer Fernando Gont (Mar 25)
- RE: Caching a sniffer David Gillett (Mar 25)
- RE: Caching a sniffer David Gillett (Mar 24)
- RE: Caching a sniffer Fernando Gont (Mar 25)
- RE: Caching a sniffer Shawn Jackson (Mar 25)
- RE: Caching a sniffer David Gillett (Mar 25)
- RE: Caching a sniffer Shawn Jackson (Mar 25)
- RE: Caching a sniffer David Gillett (Mar 25)
- RE: Caching a sniffer Shawn Jackson (Mar 25)
- RE: Caching a sniffer Andrew Shore (Mar 25)
- RE: Caching a sniffer Paul Blackstone (Mar 25)
- RE: Caching a sniffer Byron Copeland (Mar 26)
- Re: Caching a sniffer Aaron (Mar 29)
- RE: Caching a sniffer Paul Blackstone (Mar 25)
- RE: Caching a sniffer David Gillett (Mar 25)
- RE: Caching a sniffer David Gillett (Mar 26)