On Tue, 20 Jul 1999, Jaye Mathisen wrote: > > Perhaps I'm missing something obvious, but since switches forward packets > selectively per port, I would think it would be hard to sniff packets on > any port, w/o administrative access to the switch to tell it to mirror > data to a different port.
You can definitely do it with ARP games. I was playing with this and I ran into an interesting phenomena -- perhaps someone more familiar with the workings of switches could explain. What I was doing was having one machine send out bogus ARPs to all the machines on the network except the victim, telling them the victim was at a nonexistent MAC address. The switch would broadcast packets for this MAC address because it didn't know where it was. I would then rewrite the MAC address in the ethernet header and put the packet back on the wire so the victim would get it. Interesting part was, not only did traffic for my bogus MAC get broadcast, apparently so did ALL traffic. !! This brought the 100Mbit switch to its knees. To Unsubscribe: send mail to majord...@freebsd.org with "unsubscribe freebsd-hackers" in the body of the message
