Jump to content

Switch Sniffing


driveingnow

Recommended Posts

Theres also 'port stealing' (Is what i think ettercap calls it) which is a different way of getting the same effect as Arp Poisioning, just without needing to send arp packets to the client. (As some client firewall software (although not many... sygate PFP is the onlyone i have activley tested upto now) actually stop arp attacks at the client side) Therefore this allows pretty much the same attack to take place by only affecting the switch. (The downside is its slower, and i should imagine from the way it works it would fall down under heavy load)

You could of course always beat the resident DHCP server to its job... ooor if you have physical access to the switch, theres nothing wrong with creating a bridge accross two NIC's on your lappy and sitting literally in between the connection.

Other than that, im all out of ideas, so take this, and the other advice in this thread... and get yourself ettercap! (to start with... but you really should learn what ettercap does to make things easier on your brain if you cant gettit to work ;))

Cheers,

TX

Ps,

Just another thaught... maybe sniffing SNMP communities, to see if you could enable port repeating/listening through a manegement MIB for that switch. (ethereal will help you here too.. just remember access to snmp can be restricted down to lists of Ip's etc)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...