Re: [Nolug] Packet sniffing on switched network

From: -ray <ray_at_ops.selu.edu>
Date: Fri, 1 Feb 2008 13:33:22 -0600 (CST)
Message-ID: <Pine.LNX.4.61.0802011328010.17886@romulus.csd.selu.edu>

On Fri, 1 Feb 2008, Joey Kelly wrote:

> 3. Or you could go the l33t way and flood the linksys's arp cache, forcing it
> to fail open and defaulted to a layer-1 device, after which you could put
> your linux box anywhere on the LAN and sniff all traffic ;-)

Well even after it fails open, it's still "ethernet", so i contend it's
still a layer-2 device. Everyone get out your OSI chart. :)

But i digress... Have you ever successfully had a switch 'fail open'?
i've tried arp flooding 3com switches before, but the only thing i end up
doing is killing the port i'm flooding from... the rest of the switch
traffic flows fine (and i can't sniff it haha). Anyone ever tried it on a
linksys switch?

ray

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean  				       	 http://www.r-a-y.org
Systems Engineer                    Southeastern Louisiana University
IBM Certified Specialist  	      AIX Administration, AIX Support
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
___________________
Nolug mailing list
nolug@nolug.org
Received on 02/01/08

This archive was generated by hypermail 2.2.0 : 12/19/08 EST