[unisog] Network security police no hubs/switches/routers?

Michael Holstein michael.holstein at csuohio.edu
Tue May 24 16:54:14 GMT 2005

> Well yeah, but flooding out the CAM table on a managed switch usually
> triggers some sort of alarm or log message.  Which is why I used the words
> that I did.

That's the noisy and "shotgun" approach. I'm talking about spoofing a 
ARP-Reply to a specific host with the IP of the gateway and your MAC [a 
la 'dsniff']. This, in conjunction with a user-space router application, 
can sniff all the traffic from one (or more) hosts on a segment without 
the switch fussing.

Note: this works just fine on wireless networks as well, including 
encrypted ones, provided the "sniffing" wokstation authenticates and the 
target is on the same AP.


More information about the unisog mailing list