Penetration Testing mailing list archives
Re: [PEN-TEST] Layer 3 Sniffing
From: Dave Ryan <dave () DEFAULT ORG UK>
Date: Thu, 28 Sep 2000 23:50:33 +0100
Dave

+-----------------------------+
| Dave Ryan                   |
| Default Security            |
| http://www.default.org.uk   |
+-----------------------------+

On Thu, 28 Sep 2000, Justin Funke wrote:

> I have been doing some research on sniffing switched networks and I have a quick question that has presented itself. Now that the new switches are using Layer 3 switching technology with ABC (Automatic Broadcast Control) how are you able to forward your broadcast packet to the other clients to request the traffic you want to sniff if the switch is stopping the broadcast and answering the request itself?

you are attacking the switch at L2 thus bypassing any of the L3 restrictiveness that the switches imply. a number of possibilities exist depending on the switch, some might be vulnerable to mac_of attacks which basically means overpopulating the mac table (or CAM on cisco's - content addressable memory) which would cause the switch to stop switching as such and fall into an open state like a hub which would allow for normal switching etc.

(2nd) if you have access to the switch you could set it into span mode (again on cisco's) which would allow you to redirect all traffic on a switch to a single port - this is for admin/monitoring purposes etc.

now the fun way is to use some of the great tools out there, my favourite being fragrouter and arpredirect (can i just take this time to say dug song rocks) and any sniffer - dsniff etc. At this point it is possible to spoof the hardware address (by updating the mac states quicker than the real host) of your target (in most cases the gateway/router) and keep a static entry of the address in your mac table. once the ethernet traffic is being redirected to you it's simply a matter of setting yourself up as a transparent bridge for want of a better statement (it's 9:30 and the pub is calling me), at which point all traffic is redirected through you and on to the gateway - your friendly neighbourhood sniffer comes into play here and just captures your intended traffic etc etc blah blah.. you get the idea, if you don't, email me.

rgds,

> Or I am missing something here?
> Thanks, Justin Funke

#include <disclaimer.h> //etc
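Seen from the monitoring side, the two layer 2 conditions described in the reply above (a flood of new source MACs filling the switch's table, and a second hardware address claiming the gateway's IP) each leave a simple signature. The following is an added example, not part of the original post: the event tuple layout, port names, thresholds and all addresses are constructed assumptions.

```python
from collections import defaultdict, deque

GATEWAY_IP = "192.0.2.1"                        # constructed (TEST-NET-1)
PINNED = {GATEWAY_IP: "00:00:5e:00:53:01"}      # assumed known-good binding

def sample_events():
    """Constructed observations: (time_s, kind, port, mac, ip)."""
    ev = [(0.0, "arp", "gi0/1", "00:00:5e:00:53:01", GATEWAY_IP)]
    # Repeated ARP replies claiming the gateway IP from a different MAC.
    ev += [(10.0 + i, "arp", "gi0/7", "00:00:5e:00:53:aa", GATEWAY_IP)
           for i in range(3)]
    # Burst of never-seen source MACs learned on a single access port.
    ev += [(20.0 + i * 0.01, "learn", "gi0/9",
            "02:00:00:00:%02x:%02x" % (i >> 8, i & 0xFF), None)
           for i in range(300)]
    ev.append((40.0, "learn", "gi0/2", "00:00:5e:00:53:02", None))
    return ev

def detect(events, pinned, max_new_macs=100, window_s=5.0):
    """Return alerts for ARP binding conflicts and MAC-learning bursts."""
    alerts = []
    bindings = dict(pinned)        # ip -> MAC first accepted for that IP
    conflicts = set()              # (ip, mac) pairs already reported
    seen = defaultdict(set)        # port -> source MACs already learned
    recent = defaultdict(deque)    # port -> times of recently learned MACs
    bursting = set()               # ports already reported
    for t, kind, port, mac, ip in sorted(events, key=lambda e: e[0]):
        if kind == "arp":
            known = bindings.setdefault(ip, mac)
            if known != mac and (ip, mac) not in conflicts:
                conflicts.add((ip, mac))
                alerts.append(("arp-conflict", ip, known, mac, port))
        elif kind == "learn" and mac not in seen[port]:
            seen[port].add(mac)
            q = recent[port]
            q.append(t)
            while t - q[0] > window_s:   # drop entries outside the window
                q.popleft()
            if len(q) > max_new_macs and port not in bursting:
                bursting.add(port)
                alerts.append(("mac-learn-burst", port, len(q)))
    return alerts

if __name__ == "__main__":
    for alert in detect(sample_events(), PINNED):
        print(alert)
```

The same two checks are what per-port MAC address limits and a pinned or validated gateway ARP binding enforce on the switch itself.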