[svlug] switch & network watching

Derek Balling dredd at megacity.org
Wed Jun 6 07:52:02 PDT 2001


At 12:23 AM -0700 6/6/01, Erik Steffl wrote:
>Jeremy Zawodny wrote:
>>
>>  On Tue, Jun 05, 2001 at 11:39:15PM -0700, Erik Steffl wrote:
>>  >
>>  >   I have few computers and netgear switch fs 108 (all computers are
>>  > connected to switch). That basically means I cannot detect traffic
>>  > between other computers from any particular computer, right? (it
>>  > would be possible using a hub)
>>
>>  That's the point of having a switch. Well, it's not *the* point, but
>>  yes. Traffic is more isolated. It's harder to snoop.
>
>   harder or impossible?

Harder... you could, in theory at least, convince your NIC to 
advertise another machine's MAC address... depending on the switch 
(and its configuration) this MIGHT work. Depending on the level of 
(in)security in the switch you might get real-time, you might get 
"spottiness" (where your port and the other port vie to be "the port 
that has that MAC").

So "usually impossible, sometimes just 'harder'".

D

-- 
+---------------------+-----------------------------------------+
| dredd at megacity.org  | "Conan! What is best in life?"          |
|  Derek J. Balling   | "To crush your enemies, see them        |
|                     |    driven before you, and to hear the   |
|                     |    lamentation of their women!"         |
+---------------------+-----------------------------------------+




More information about the svlug mailing list