HPE Community
Operating System - HP-UX
1819975 Members
3287 Online
109607 Solutions
New Discussion юеВ

Re: Sniffing around a switched LAN

 
SOLVED
Go to solution
SM_3
Super Advisor

тАО06-28-2004 04:06 AM

тАО06-28-2004 04:06 AM

Sniffing around a switched LAN

Sniffing around a switched LAN

I'a aware that we can use a sniffer on a LAN using hubs.

On a switched LAN is using a sniffer a security issue (not for administrative purposes).

Is it easy/possible to sniff on a switched LAN?

What does someone need to do to sniff on a switched LAN?

thanks
0 Kudos
Reply
10 REPLIES 10
Sridhar Bhaskarla
Honored Contributor

тАО06-28-2004 04:40 AM

тАО06-28-2004 04:40 AM

Solution

Re: Sniffing around a switched LAN

Hi,

It's possible. You will have to do arp-spoofing or mac-spoofing to achive it. Look at dsniff documentation from here.

http://monkey.org/~dugsong/dsniff/faq.html

But from the administrative perspective, you don't need to do as you have control over your switch and you can get everything from there.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Reply
Steven E. Protter
Exalted Contributor

тАО06-28-2004 05:26 AM

тАО06-28-2004 05:26 AM

Re: Sniffing around a switched LAN

Quite easy:

http://hpux.connect.org.uk/hppd/hpux/Gtk/ethereal-0.9.15/

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО06-28-2004 05:55 AM

тАО06-28-2004 05:55 AM

Re: Sniffing around a switched LAN

My original link would not open:
http://hpux.connect.org.uk/hppd/hpux/Gtk/Applications/ethereal-0.9.15/

This one does.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Lee Hundley
Valued Contributor

тАО06-28-2004 06:14 AM

тАО06-28-2004 06:14 AM

Re: Sniffing around a switched LAN

Ettercap also works wonders for easy arp spoofing

http://ettercap.sourceforge.net
It is my firm belief that it is a mistake to hold any firm beliefs
Reply
SM_3
Super Advisor

тАО06-28-2004 07:31 AM

тАО06-28-2004 07:31 AM

Re: Sniffing around a switched LAN


thanks


0 Kudos
Reply
Todd Whitcher
Esteemed Contributor

тАО06-28-2004 11:25 PM

тАО06-28-2004 11:25 PM

Re: Sniffing around a switched LAN

You can also get ethereal off the Internet Express software kit which is available at
the following link.

http://www.software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXIEXP1111

A hardware sniffer device is the best tool to attach to your network for analysis, but ethereal etc. can be used to promiscuously monitor the packets going across the wire. Most switches also have a feature called port mirroring, port monitoring or switch port analyzer ( cisco ) which allow you to capture packets for specific ports etc.

Hope this helps,

Todd
0 Kudos
Reply
harry d brown jr
Honored Contributor

тАО06-29-2004 12:27 AM

тАО06-29-2004 12:27 AM

Re: Sniffing around a switched LAN

In a SWITCHED network you can only sniff activity on the wire between your machine (server or pc) to the switch. You will be able to sniff broadcasts, but this is NOT a security issue.

If you were able to gain control of a PC or a server on another port in the switch, then you could possibly listen for activity on that port, but you can NOT listen to activity on a different port.

If there is a HUB on a switch port and you have the ability to listen to activity on the port the HUB is plugged into, then you can listen to activity of anything plugged into the HUB.

Of course if you could gain control of the switch, then the world is your apple and anything is possible.

Again, on a SWITCH (note a SWITCH is very different from a HUB) it is not possible to listen to activity outside of your PORT on the switch. This means that if you are plugged into PORT 1, you can not listen to activity on any other PORT.

live free or die
harry
Live Free or Die
0 Kudos
Reply
Simon Hargrave
Honored Contributor

тАО06-29-2004 12:39 AM

тАО06-29-2004 12:39 AM

Re: Sniffing around a switched LAN

Depending on the switch, some have the option to set a port as promiscuous, purely for LAN monitoring purposes. This will set a particular switch port to receive all packets for that switch, to which you can attach a LAN Analyzer, or whatever. This will only be on a per-switch basis though, so if you have nested switches it won't see them all.
0 Kudos
Reply
Simon Hargrave
Honored Contributor

тАО06-29-2004 12:44 AM

тАО06-29-2004 12:44 AM

Re: Sniffing around a switched LAN

Further to the above, here's an example of how to do this on a Cisco 1900 switch.

http://www.effetech.com/help/cisco-span.htm
0 Kudos
Reply
SM_3
Super Advisor

тАО06-29-2004 08:44 AM

тАО06-29-2004 08:44 AM

Re: Sniffing around a switched LAN


thanks for the info guys

bye
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.