- Posts: 4
- Thank you received: 0
Sniffing Switched Network
- machine_type
- Topic Author
- Offline
- New Member
Less
More
21 years 5 months ago #274
by machine_type
Sniffing Switched Network was created by machine_type
Hello,
Does anybody know how to sniff a switched network?
I have a network of about 50 and sometimes I would like to see what is going through some workstations. I do not want to install a sniffer on each one. Or is there something like a client/server setup where I can host the main program on mine and just put a lightweight one on theirs?...
Thanks for the help.
SLM
Does anybody know how to sniff a switched network?
I have a network of about 50 and sometimes I would like to see what is going through some workstations. I do not want to install a sniffer on each one. Or is there something like a client/server setup where I can host the main program on mine and just put a lightweight one on theirs?...
Thanks for the help.
SLM
- machine_type
- Topic Author
- Offline
- New Member
Less
More
- Posts: 4
- Thank you received: 0
21 years 5 months ago #276
by machine_type
Replied by machine_type on topic Sniffing Switched Network
O.k., thanks
They have ported it to 9x/NT/2K/XP. It requires cygwin and WinPcap.
I have not tried it yet but will very soon.
Thanks for the help
They have ported it to 9x/NT/2K/XP. It requires cygwin and WinPcap.
I have not tried it yet but will very soon.
Thanks for the help
21 years 5 months ago #275
by Chris
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
Replied by Chris on topic Sniffing Switched Network
To sniff a switched network is one of the coolest things one can do I recon [img]images/smiles/icon_smile.gif[/img]
Thank goodness there are people out there trying really hard to make our dreams come true, and two these are ALoR & NaGA who have produced 'Ettercap' and runs under Linux, but I think they have also managed to port a version to the Windows o/s.
Ettercap is a very powerful sniffer that uses various methods (like arp poissioning) to trick the switch and make it forward packets to the port that your sniffing PC is on.
You can download your copy from ettercap.sourceforge.net/
Cheers,
Thank goodness there are people out there trying really hard to make our dreams come true, and two these are ALoR & NaGA who have produced 'Ettercap' and runs under Linux, but I think they have also managed to port a version to the Windows o/s.
Ettercap is a very powerful sniffer that uses various methods (like arp poissioning) to trick the switch and make it forward packets to the port that your sniffing PC is on.
You can download your copy from ettercap.sourceforge.net/
Cheers,
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
- jbruijntjes
- Offline
- New Member
Less
More
- Posts: 8
- Thank you received: 0
21 years 4 months ago #277
by jbruijntjes
"Los Angeles, year 2029. All stealth bombers are upgraded with neural processors, becoming fully unmanned. One of them, Skynet begins to learn at a geometric rate. It becomes self-aware at 2:14 a.m. eastern time, August 29.
Replied by jbruijntjes on topic Sniffing Switched Network
Or u can span the switch ports for a limited period of time.
This can only be done with an managed switch.
Kind regards,
John Bruijntjes
This can only be done with an managed switch.
Kind regards,
John Bruijntjes
"Los Angeles, year 2029. All stealth bombers are upgraded with neural processors, becoming fully unmanned. One of them, Skynet begins to learn at a geometric rate. It becomes self-aware at 2:14 a.m. eastern time, August 29.
21 years 3 months ago #278
by tfs
Thanks,
Tom
Replied by tfs on topic Sniffing Switched Network
If you want to see what is going on some of the switches, you can also hook up a HUB (not a linksys hub, as it is actually a switch) and put all the workstations you wish to watch (as well as the workstation that has the protocol analyzer on it).
In my case, I used to put my SQL Server on one of the ports as well as the Protocol Analyzer and watched that way. This worked because the only networked traffic we had was from all the workstations to the SQL Server.
You don't want to do this all the time as it will slow down the network.
In my case, I used to put my SQL Server on one of the ports as well as the Protocol Analyzer and watched that way. This worked because the only networked traffic we had was from all the workstations to the SQL Server.
You don't want to do this all the time as it will slow down the network.
Thanks,
Tom
Time to create page: 0.125 seconds