[unisog] Strange things from our residence.

David P. Allen allendp at plu.edu
Wed Oct 23 16:50:33 GMT 2002


Jerry A. Copus wrote:

> I seem to recall that the tool was called "dsniff". A Google search 
> will turn up a lot about it, but SANS has a general write-up of the 
> theory at 
> <http://www.sans.org/newlook/resources/IDFAQ/switched_network.htm>.


That's the one!  Thanks to Sean for "reminding" me first.

The symptoms described by Pete sound exactly like what I saw when we 
experimented with "dsniff".  However, we have also seen similar behavior 
when some student machines have been connected with improperly 
configured NICs to the campus network.  Usually, in that case the MAC 
address is not all FF's though and is more random.

Good luck sorting this out regardless.

-- 
David P. Allen
Network Manager
Pacific Lutheran University

{ (253) 535-7524          | "...one of the main causes of the fall of  }
{ allendp at PLU.edu         |  Rome was that, lacking zero, they had no  }
{ www.plu.edu/~allendp    |  way to indicate successful termination of }
{                         |  their C programs."         --Robert Firth }





More information about the unisog mailing list