Ethereal-users: Re: [Ethereal-users] sniffing in a switched network - arp spoofing using etterca

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Jay Taylor <foosyou@xxxxxxxxx>
Date: Thu, 16 Jun 2005 20:02:28 -0500
Instead of crippling the network by using a hub near the core or spoofing arp you can mirror a port on most managed switches. Mirroring (or SPAN in Cisco speak) forwards an additional copy of each from from the spanned port to the port you connect your network analyzer to. This method has no impact on the other hosts communicating through the switch as long as the switch is robust enough for the traffic it will pass. Keep in mind that the port you attach your network analyzer to may drop packets if it can not handle the cumulative bandwidth of all the ports it is monitoring. IE: If you try to monitor several hosts with 100Mb connections it could quickly overwhelm the 100Mb link you are analyzing from.

Ulf Lamping wrote: 
Manu Garg wrote:

  
Many of us know that sniffing is possible in a shared i.e.
non-switched ethernet environment. But only few of us know that
sniffing is also possible in a switched ethernet environment. One of
the reasons is that it's not that straighforward. But it's not
impossible or difficult. You can use man in the middle technique like
ARP spoofing to sniff in a switched environment.


This presentation is an attempt to explain how can somebody sniff in a
switched ethernet using ARP spoofing. Dsniff has existed for long as a
tool for various sniffing activities. But recently, tools like
EttercapNG have made it easier.


Link to my original post and presentation -
http://manugarg.freezope.org/2005/06/sniffing-in-switched-network-many-of.html

Presentation-
http://manugarg.freezope.org/notes/arp_spoofing

Please let me know your views on it.
 

    
Yes it is possible, but it is really ugly for it's various side effects.

Have a look at the information on this topic so far at:
http://wiki.ethereal.com/CaptureSetup_2fEthernet

As the wiki page says:

*Please do not try this on any LAN other than your own.*

Regards, ULFL

_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users