On Tue, 20 Jul 1999, Jaye Mathisen wrote:
>
> Perhaps I'm missing something obvious, but since switches forward packets
> selectively per port, I would think it would be hard to sniff packets on
> any port, w/o administrative access to the switch to tell it to mirror
> data to a different port.
You can definitely do it with ARP games.
I was playing with this and I ran into an interesting phenomena --
perhaps someone more familiar with the workings of switches could
explain.
What I was doing was having one machine send out bogus ARPs to all
the machines on the network except the victim, telling them the
victim was at a nonexistent MAC address. The switch would broadcast
packets for this MAC address because it didn't know where it was.
I would then rewrite the MAC address in the ethernet header and
put the packet back on the wire so the victim would get it.
Interesting part was, not only did traffic for my bogus MAC get
broadcast, apparently so did ALL traffic. !! This brought the
100Mbit switch to its knees.
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
