Re: [Nolug] Packet sniffing on switched network

From: -ray <>
Date: Fri, 1 Feb 2008 13:33:22 -0600 (CST)
Message-ID: <>

On Fri, 1 Feb 2008, Joey Kelly wrote:

> 3. Or you could go the l33t way and flood the linksys's arp cache, forcing it
> to fail open and defaulted to a layer-1 device, after which you could put
> your linux box anywhere on the LAN and sniff all traffic ;-)

Well even after it fails open, it's still "ethernet", so i contend it's
still a layer-2 device. Everyone get out your OSI chart. :)

But i digress... Have you ever successfully had a switch 'fail open'?
i've tried arp flooding 3com switches before, but the only thing i end up
doing is killing the port i'm flooding from... the rest of the switch
traffic flows fine (and i can't sniff it haha). Anyone ever tried it on a
linksys switch?


Ray DeJean  			
Systems Engineer                    Southeastern Louisiana University
IBM Certified Specialist  	      AIX Administration, AIX Support
Nolug mailing list
Received on 02/01/08

This archive was generated by hypermail 2.2.0 : 12/19/08 EST