Ethereal-users: Re: [Ethereal-users] sniffing in a switched network - arp spoofing using etterca

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Manu Garg <manugarg@xxxxxxxxx>
Date: Thu, 16 Jun 2005 23:16:43 -0400
have you ever tried it? i don't think so.

as i said earlier, you are not going to bring down the whole network
even if something goes wrong. only the communication between the
machines being attacked i.e. target machines  is going to be affected.

I'll add a warning to the presentation: "this is not for the kids".
It's certainly not for the kids.

~manu

On 6/16/05, ronnie sahlberg <ronniesahlberg@xxxxxxxxx> wrote:
> start doing arp spoofing and kill ettercap or hunt with a -9  and
> watch the end-to-end outage that occurs and will last until the arp
> entry timeout (10-15 minutes).
> 
> very very ugly.
> 
> dont dont dont ever do this unless you know what you are doing.
> never ever ever ever do this in a business critical network, ever.
> 
> 
> On 6/17/05, Manu Garg <manugarg@xxxxxxxxx> wrote:
> > I don't believe that. Arp poisoning is not ugly. You can call MAC
> > flooding as ugly, but not ARP poisoning for sure.
> >
> > ARP poisoning does nothing to the switch. Switches work at level 2 and
> > are only concerned about MAC addresses.  They don't come to know that
> > MAC address of a certain IP address has changed.
> >
> > ARP poisoning can confuse only the involved hosts. If gateway is one
> > of those hosts and someone attempting to ARP poison is a kid, then
> > certainly there can be some problems.
> >
> > hth
> > ~manu
> >
> > On 6/16/05, Ulf Lamping <ulf.lamping@xxxxxx> wrote:
> > > Manu Garg wrote:
> > >
> > > >Many of us know that sniffing is possible in a shared i.e.
> > > >non-switched ethernet environment. But only few of us know that
> > > >sniffing is also possible in a switched ethernet environment. One of
> > > >the reasons is that it's not that straighforward. But it's not
> > > >impossible or difficult. You can use man in the middle technique like
> > > >ARP spoofing to sniff in a switched environment.
> > > >
> > > >
> > > >This presentation is an attempt to explain how can somebody sniff in a
> > > >switched ethernet using ARP spoofing. Dsniff has existed for long as a
> > > >tool for various sniffing activities. But recently, tools like
> > > >EttercapNG have made it easier.
> > > >
> > > >
> > > >Link to my original post and presentation -
> > > >http://manugarg.freezope.org/2005/06/sniffing-in-switched-network-many-of.html
> > > >
> > > >Presentation-
> > > >http://manugarg.freezope.org/notes/arp_spoofing
> > > >
> > > >Please let me know your views on it.
> > > >
> > > >
> > > Yes it is possible, but it is really ugly for it's various side effects.
> > >
> > > Have a look at the information on this topic so far at:
> > > http://wiki.ethereal.com/CaptureSetup_2fEthernet
> > >
> > > As the wiki page says:
> > >
> > > *Please do not try this on any LAN other than your own.*
> > >
> > > Regards, ULFL
> > >
> >
> >
> > --
> > Manu Garg
> > http://manugarg.freezope.org
> > "Truth will set you free!"
> >
> > _______________________________________________
> > Ethereal-users mailing list
> > Ethereal-users@xxxxxxxxxxxx
> > http://www.ethereal.com/mailman/listinfo/ethereal-users
> >
> 


-- 
Manu Garg
http://manugarg.freezope.org
"Truth will set you free!"