Security Basics mailing list archives
RES: Sniffer - How's the best way to deploy ?
From: "Ricardo Perin" <ricardop () locaralpha com br>
Date: Wed, 12 Jul 2006 10:21:26 -0300
I'm not sure if Ethereal supports PLC networks; I think not. Some switches have a port called PROBE PORT that is used exactly for this. All the traffic in the network passes through it. I don't know if Cisco calls this port by another name, but....

Ricardo Perin
-----Original Message-----
From: Lukasz Szmit [mailto:lukasz.szmit () ucd ie]
Sent: Wednesday, July 12, 2006 08:53
To: marcioacosta () gmail com
Cc: security-basics () securityfocus com
Subject: Re: Sniffer - How's the best way to deploy ?

Hi Marcio,

> Our first step is to isolate the possible PLC issue, so we will deploy
> a sniffer on the Switch 2955 that this PLC network is connected to. To do that we're going to put a desktop with Ethereal installed on one of the empty ports on this switch and mirror the PLC switch port to the desktop switch port.
> My doubt is: How's the best way to do it ?
> - I think this desktop must have two NICs, one with no IP configuration
> and the other with IP configuration and also connected to another port that we can collect the data

You would need only one NIC, put into promiscuous mode and listening for traffic on a spanned (monitor session) port. This way you should capture all data flowing between both endpoints.

> - What's the best sniffer to harvest this kind of data? Ethereal?

If you're on Unix/Linux, tcpdump or ethereal are the best choice; under Windows you probably won't find anything better than ethereal.

> - How's the best way to log this data? Is there any software for Windows
> to do it?

Well, with ethereal you can save the capture in libpcap format and then analyze it whenever it suits you - both with tcpdump and ethereal.

regards,
--
Lukasz Szmit
University College Dublin

---------------------------------------------------------------------------
This list is sponsored by: SensePost
Hacking, like any art, will take years of dedicated study and practice to master. We can't teach you to hack. But we can teach you what we've learned so far. Our courses are honest, real, technical and practical. SensePost will be at Black Hat Vegas in July. To see what we're about, visit us at: http://www.sensepost.com/training.html
---------------------------------------------------------------------------
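Added example, not part of the original thread: a check that a capture saved in libpcap format from the mirrored port really contains frames in both directions between two endpoints, as the quoted reply says it should. The MAC addresses and capture bytes are constructed for illustration, and only the classic microsecond pcap layout with the Ethernet link type is handled.

```python
import struct
from collections import Counter

# Classic libpcap magic as stored on disk, mapped to struct byte order.
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}

def read_frames(data):
    """Yield raw Ethernet frames from a classic libpcap capture."""
    endian = PCAP_MAGICS.get(data[:4])
    if endian is None:
        raise ValueError("not a classic libpcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("expected Ethernet link type (1)")
    off = 24                                   # skip the global header
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:
            break                              # truncated final record
        off += incl_len
        yield frame

def direction_counts(data, host_a, host_b):
    """Count frames a->b and b->a by Ethernet source/destination MAC."""
    counts = Counter()
    for frame in read_frames(data):
        if len(frame) < 14:
            continue
        dst, src = frame[0:6], frame[6:12]
        if (src, dst) == (host_a, host_b):
            counts["a_to_b"] += 1
        elif (src, dst) == (host_b, host_a):
            counts["b_to_a"] += 1
    return counts

def mirror_sees_both_directions(data, host_a, host_b):
    """False suggests the mirror session copies only one direction."""
    c = direction_counts(data, host_a, host_b)
    return c["a_to_b"] > 0 and c["b_to_a"] > 0

# --- constructed sample data (not from a real network) ---
PLC, PEER = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")

def _eth(src, dst):
    return dst + src + b"\x08\x00" + b"\x00" * 46

def _pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return out + b"".join(struct.pack("<IIII", i, 0, len(f), len(f)) + f
                          for i, f in enumerate(frames))

BOTH_WAYS = _pcap([_eth(PEER, PLC), _eth(PLC, PEER), _eth(PEER, PLC)])
ONE_WAY = _pcap([_eth(PEER, PLC), _eth(PEER, PLC)])
```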
Current thread:
- Sniffer - How's the best way to deploy ? marcioacosta (Jul 11)
- RE Sniffer - How's the best way to deploy ? Francois Labreque (Jul 12)
- Re: Sniffer - How's the best way to deploy ? Lukasz Szmit (Jul 12)
- RES: Sniffer - How's the best way to deploy ? Ricardo Perin (Jul 12)
- Re: RES: Sniffer - How's the best way to deploy ? Lukasz Szmit (Jul 12)
- RES: Sniffer - How's the best way to deploy ? Ricardo Perin (Jul 12)