Guy Harris wrote:
Faisal Khan said:
I am studying Network Security as my bachelors cource. I have just
study that in switched network we can not sniff the netwrok traffic.
But there exist techniques to achieve sniffing the network being in
promiscuous mode.
Techniques to capture network traffic in promiscuous mode on a *switched*
network?
So what technique does the ethereal use to capture
network traffic in the promiscuous mode.
The only technique Ethereal uses is to open the network device, using
"pcap_open_live()", with the "promisc" argument being 1, to put the
network adapter into promiscuous mode.
The only technique libpcap/WinPcap (the packet-capture library, containing
"pcap_open_live()", that Ethereal uses) uses to put the adapter into
promiscuous mode is to use the OS's mechanism for doing so on network
devices being captured on.
Those are not sufficient to capture in promiscuous mode on a switched
network.
One way to do so, for some switches, is to put a port on the switch into
"span" or "mirror" or... mode, and capture on an interface plugged into
that port:
http://www.ethereal.com/faq#q5.1
You could also change your computer's MAC address to that of the router
or some other host, but it would kinda grind the network to a halt.
_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users