-
April 5th, 2007, 02:24 AM
#11
A lot of switches do not have a mirroring mode that makes the switch act like a hub. If this is the case ARP poisioning is the easiest way to obtain the traffic.
-
April 10th, 2007, 11:19 PM
#12
Originally Posted by oofki
A lot of switches do not have a mirroring mode that makes the switch act like a hub. If this is the case ARP poisioning is the easiest way to obtain the traffic.
Actually, that is incorrect and also dangerous.
First, if you ARP poison a network, you run the risk of taking the whole damn thing down, especially if you have an underpowered box. You could DoS your entire organization and also earn a pair of shiny bracelets that you wear on your way out the door. They don't have nice network labs in jail.
If your device does not have a span/mirror port, use a "Y" line tap (layer 1 repeater, i.e., a mini hub) immediately upstream from the switch. You can then watch inbound/outbound connections to that subnet.
--TH13
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
Similar Threads
-
By Nokia in forum The Security Tutorials Forum
Replies: 0
Last Post: October 23rd, 2006, 04:58 PM
-
By Tiger Shark in forum The Security Tutorials Forum
Replies: 0
Last Post: October 7th, 2004, 07:18 PM
-
By gore in forum Newbie Security Questions
Replies: 11
Last Post: December 29th, 2003, 08:01 AM
-
By mathgirl32 in forum IDS & Scanner Discussions
Replies: 10
Last Post: February 3rd, 2003, 07:20 PM
-
By Noble Hamlet in forum AntiOnline's General Chit Chat
Replies: 1100
Last Post: March 17th, 2002, 09:38 AM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|