[PLUG] help with switches
jason justman
jason at jasonjustman.com
Mon Feb 5 22:21:55 UTC 2007
you can usually do a mac flood and force the switch to dump the port
into promiscuous mode - most switches have a 4k/8k mac address table.
http://www.rootsecure.net/content/downloads/pdf/arp_spoofing_intro.pdf
you're better off getting a cheap switch that can do l3 management and
provide you with a monitor port/port mirror.
j
Dan Young wrote:
> On 2/5/07, Carla Schroder <carla at bratgrrl.com> wrote:
>> I'm having a hard time finding an answer to what seems to be a simple
>> question- what Ethernet switches include monitor ports for sniffing all
>> network traffic? I assume that unmanaged switches don't have this,
>> though it
>> would be nice to be wrong because they're inexpensive. I've been
>> looking at
>> all kinds of managed and 'smart' switches, and I'm not seeing
>> anything in
>> their specs that sounds like what I'm looking for. Is there some magic
>> buzzword I should be looking for? got any specific models to recommend?
>
> It's sometimes called port mirroring. If the switch isn't "managed",
> how would you enable/disable the port mirroring/monitoring function?
>
More information about the PLUG
mailing list