June 13, 2005

Sniffing in a Switched Network

Many of us know that sniffing is possible in a shared i.e. non-switched ethernet environment. But only few of us know that sniffing is also possible in a switched ethernet environment. One of the reasons is that it's not that straighforward. But it's not impossible or difficult. You can use man in the middle technique like ARP spoofing to sniff in a switched environment.

This presentation is an attempt to explain how can somebody sniff in a switched ethernet using ARP spoofing. Dsniff has existed for long as a tool for various sniffing activities. But recently, tools like EttercapNG have made it easier. Links to the presentation:

Sniffing in a Switched Network (HTML Document with frames)
Sniffing in a Switched Network (HTML Document with no frames)
Sniffing in a Switched Network (PDF format)
Sniffing in a Switched Network (Microsoft PPT)

Mirrors for pdf and ppt:
Sniffing in a Switched Network (PDF format)
Sniffing in a Switched Network (Microsoft PPT)

Cheers,
-Manu
----------------
Manu Garg
http://manugarg.freezope.org
"Truth will set you free!"

Technorati tags:

Digg this; Post to del.icio.us

---------------------------------------
Update: Aug 8, 2005
Guys, freezope.org server seems to be unstable. HTML links may or may not work.
---------------------------------------

Posted by manu at Monday, June 13, 2005

Labels: , ,

Add to Del.icio.us

9 comments:

kakarizz said...

Keep up the good work, a very informative blog for the open source community.

15/6/05 11:43 AM
Swapneel said...

Nice inofrmation there dude.Thanks

27/7/05 6:24 PM
Anonymous said...

nice work GARG ,
keep going on

28/7/05 6:51 PM
Anonymous said...

Old recycled info reworded. Good work man!

31/7/05 8:36 PM
Anonymous said...

Nice slide , I have posted a copy of it on secguru

14/11/06 8:55 PM
miscblogger said...

Great information. I was looking for a way to do packet sniffing with ethereal when I'm not using any "dumb hubs." But I was wondering, will this also work with routers?

5/4/07 1:29 AM
manu said...

This won't work across routers as routers segregate arp broadcast domains. You can always own the router first, however ;-)

5/4/07 2:44 PM
Anonymous said...

nice stuff Manu, ettercap turned out to be pretty useful just like other MITM tools. I used it for two communicating machines in the same subnet and used the "oneway" tag to retarget the packets through my machine.

13/4/07 2:55 AM
Dalby said...

www.oxit.it (Cain) can help with that too if you are looking for something specific

29/4/07 1:20 AM

Post a Comment

Subscribe to: Post Comments (Atom)