Ethereal-users: Re: [Ethereal-users] Ethereal promiscuous mode

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Guy Harris" <gharris@xxxxxxxxx>
Date: Wed, 22 Sep 2004 14:18:07 -0700 (PDT)
Faisal Khan said:

> I am studying Network Security as my bachelor's course. I have just
> studied that in a switched network we cannot sniff the network traffic.
> But there exist techniques to achieve sniffing the network being in
> promiscuous mode.

Techniques to capture network traffic in promiscuous mode on a *switched*
network?

> So what technique does Ethereal use to capture
> network traffic in the promiscuous mode?

The only technique Ethereal uses is to open the network device, using
"pcap_open_live()", with the "promisc" argument being 1, to put the
network adapter into promiscuous mode.

The only technique libpcap/WinPcap (the packet-capture library, containing
"pcap_open_live()", that Ethereal uses) uses to put the adapter into
promiscuous mode is to use the OS's mechanism for doing so on network
devices being captured on.

Those are not sufficient to capture in promiscuous mode on a switched
network.

One way to do so, for some switches, is to put a port on the switch into
"span" or "mirror" or... mode, and capture on an interface plugged into
that port:

    http://www.ethereal.com/faq#q5.1
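
Added example, not part of the original message and not Ethereal or libpcap source: a sketch of the OS mechanism the reply refers to, assuming Linux, where promiscuous reception is requested per packet socket, and where an administrator can confirm the adapter's state from /sys/class/net/<if>/flags. The function names and the default interface name "eth0" are hypothetical; the adapter still only receives the frames the switch forwards to its port.

```c
#include <arpa/inet.h>
#include <net/ethernet.h>
#include <net/if.h>
#include <netpacket/packet.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define PROMISC_FLAG 0x100u   /* numeric value of IFF_PROMISC in <net/if.h> */

/* Ask the kernel for promiscuous reception on ifname (assumed Linux).
 * Returns an open packet socket, or -1 (no privilege, or no such device). */
int open_promisc(const char *ifname)
{
    int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (fd < 0)
        return -1;            /* typically EPERM without CAP_NET_RAW */

    struct packet_mreq mr;
    memset(&mr, 0, sizeof mr);
    mr.mr_ifindex = (int)if_nametoindex(ifname);
    mr.mr_type = PACKET_MR_PROMISC;
    if (mr.mr_ifindex == 0 ||
        setsockopt(fd, SOL_PACKET, PACKET_ADD_MEMBERSHIP, &mr, sizeof mr) < 0) {
        close(fd);
        return -1;
    }
    return fd;                /* the request is dropped when fd is closed */
}

/* Parse the hex text of /sys/class/net/<if>/flags; 1 if the promisc bit is set. */
int flags_promisc(const char *hex)
{
    return (strtoul(hex, NULL, 16) & PROMISC_FLAG) != 0;
}

int main(int argc, char **argv)
{
    const char *ifname = argc > 1 ? argv[1] : "eth0";   /* assumed name */
    char path[64], buf[32] = "";
    int fd = open_promisc(ifname);
    if (fd < 0) { perror("open_promisc"); return 1; }

    snprintf(path, sizeof path, "/sys/class/net/%s/flags", ifname);
    FILE *f = fopen(path, "r");
    if (f) { if (!fgets(buf, sizeof buf, f)) buf[0] = '\0'; fclose(f); }
    printf("%s promiscuous: %s\n", ifname, flags_promisc(buf) ? "yes" : "no");
    close(fd);
    return 0;
}
```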