Penetration Testing mailing list archives
RE: arpspoofing
From: "Adrian Lazar" <alazar () node bc ca>
Date: Fri, 5 Apr 2002 09:59:58 -0800
Visit the following sites for more information: http://www.sans.org/newlook/resources/IDFAQ/switched_network.htm http://www.monkey.org/~dugsong/dsniff/faq.html#How%20do%20I%20sniff%20in %20a%20switched%20environment Two useful tools that you can use: dsniff and ettercap. Hope this helps. Cheers, Adrian Lazar Chief Security Officer (CSO) Node Solutions, Inc. (604) 821-1696 -----Original Message----- From: Erlend J. Leiknes [mailto:nookie () online no] Sent: Tuesday, February 05, 2002 11:01 AM To: pen-test () securityfocus com Subject: arpspoofing Im testing a network for clear-text password leakage. (Unencrypted protocols) Since its a switched enviorment I have to arpspoof or macflood. Macflooding had no success, shouldnt the switches be degraded to hubs when their mac-tables get filled? And when I arpspoof using the redirecting data from the gateway to the laptop, pings wont get through, and i sent some clear text on purpose from machines that had gotten their arp table poisoned. Still it seemed like it didnt work too well. The question is: if arp -a (on windows 98) shows: Interface: x.x.x.204 --- 0x2 Internet Address Physical Address Type x.x.x.1 00-10-14-26-60-38 dynamic x.x.x.5 00-50-da-37-93-5b dynamic x.x.x.6 00-50-da-37-93-5b dynamic who will recive the packages. 5, 6 or both? Any other ways to sniff in a switched enviorment? ------------------------------------------------------------------------ ---- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- RE: arpspoofing Adrian Lazar (Apr 06)