Results 1 to 6 of 6

Thread: can ettercap destroy/damage switch?

  1. #1
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325

    can ettercap destroy/damage switch?

    I have been messing with ettercap for some time now and understand how it works on the application, protocol, OSI levels, etc.

    What I'm not sure about is the harware.

    I know that switches work at the layer 2 (MAC) and sometimes layer 3 (network/vlans).

    In this case I'm using DLink and 3Com unmanaged workgroup switches. All layer 2.

    I have not had an opportunity to play with it on managed switches of any type... as my experimenting is limited mostly to my home network.

    Can using a program like ettercap damage a switch? Since it is forcing it to act as a hub and repeat all traffic through all ports...

    Thanks in advance!
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  2. #2
    Senior Member
    Join Date
    Nov 2002
    Posts
    382

    Re: can ettercap destroy/damage switch?

    Originally posted here by phishphreek80

    I know that switches work at the layer 2 (MAC) and sometimes layer 3 (network/vlans).
    Just an info VLAN is still layer 2! (IEEE 802.1q)

    Can using a program like ettercap damage a switch? Since it is forcing it to act as a hub and repeat all traffic through all ports...
    Switches r something that I know, I've been working into one implementation (h/w, f/w, s/w). And I never heard of such siwtch degradation.
    the switching is there to forward frames, fill the CAM etc, it does not really care about what it is forwarding. There is MTBF in datasheet that should say the disponibility performances of the equipement (like 2 years with max uninterrupted traffic).

    The only damage I could see are reversible, it could full up the flash because of counters, logs, ...
    A simply reset of non permanent object from the flash by rebooting will be a work around.
    Or u could find a firm bug, but normally these kinda test had been performed by the constructor (normally).
    If that occurs u should be able to upload the firm through consol port
    [shadow] SHARING KNOWLEDGE[/shadow]

  3. #3
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    The only real damage I can think of is if you don't ventilate the switch properly and it overheats. I've smelled a few switches fry and it's worse than a mainboard, plus allot more smoke.

    But like Networker said a simple reboot should fix whatever gets overburdened.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  4. #4
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    I have seen a few older switches, that when they were subjected to things like ettercap, or even things like NMAP or Nessus, essentially lose everything (basically like a factory reset, if you were lucky, if not, it had nothing, no IOS). I would say if you have newer equipment the chances are very remote that something non-recoverable would happen, with older equipment I would say that the chances are still remote, but more likely than with newer equipment.

    I would be more worried about the 3COM, I have seen nmap scans torch their routers, corebuilders, and Superstacks...

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  5. #5
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Just an info VLAN is still layer 2! (IEEE 802.1q)
    Doh! I should have known that... actually I did know that... just forgot temporarily...

    I'm not using very sophisticated switches... just messing about on my home LAN. I have a couple routers and very basic workgroup unmanaged switches that I have setup. I haven't noticed any problems as of yet... but I left ettercap running overnight on accident and thats why I was wondering about it.

    I'm not really allowed to mess about on my work network (where we have the good stuff).... so I torture my home equipment.

    Thanks for the info guys!
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  6. #6
    Senior Member
    Join Date
    May 2003
    Posts
    115
    when using ettercap, it would do a arp-flooding, thus degradating performance. i have seen this on 2948's but haven't really seen too much degredation depending on the plugin you use on ettercap options.

    -w0rm3y

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •