Tuesday, March 20, 2007

LAB332 using Ethereal











I am studying Network Security as my bachelor's course. I have just
studied that in a switched network we cannot sniff the network traffic.
But there exist techniques to achieve sniffing the network being in
promiscuous mode.

Techniques to capture network traffic in promiscuous mode on a *switched*
network?

So what technique does Ethereal use to capture network traffic in promiscuous mode?

The only technique Ethereal uses is to open the network device, using
"pcap_open_live()", with the "promisc" argument being 1, to put the
network adapter into promiscuous mode.

The only technique libpcap/WinPcap (the packet-capture library, containing
"pcap_open_live()", that Ethereal uses) uses to put the adapter into promiscuous mode is to use the OS's mechanism for doing so on network devices being captured on.

Those are not sufficient to capture in promiscuous mode on a switched network.

One way to do so, for some switches, is to put a port on the switch into "span" or "mirror" or... mode, and capture on an interface plugged into that port: http://www.ethereal.com/faq#q5.1

---

You could also change your computer's MAC address to that of the router or some other host, but it would kinda grind the network to a halt.
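
The following is an added illustration, not part of the original exchange and not Ethereal or libpcap code. It models a learning switch to show why promiscuous mode alone captures almost nothing on a switched network and what a mirror port changes. The `LearningSwitch` class, port numbers and MAC addresses are constructed for the example.

```python
# Minimal learning-switch model (constructed for illustration only).
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    def __init__(self, ports, mirror_port=None):
        self.ports = list(ports)
        self.mirror_port = mirror_port  # "span"/"mirror" destination port, if any
        self.mac_table = {}             # learned source MAC -> port

    def forward(self, in_port, src, dst):
        """Return the set of ports this frame is transmitted on."""
        self.mac_table[src] = in_port   # learn where the sender is attached
        if dst != BROADCAST and dst in self.mac_table:
            out = {self.mac_table[dst]}  # known unicast: one port only
        else:
            out = set(self.ports)        # broadcast or unknown unicast: flood
        out.discard(in_port)             # never send back out the ingress port
        if self.mirror_port is not None and self.mirror_port != in_port:
            out.add(self.mirror_port)    # mirror port gets a copy of every frame
        return out

def frames_seen(switch, capture_port, traffic):
    """Frames that reach capture_port's wire. A promiscuous NIC accepts all
    frames on its wire, but it cannot accept frames the switch never sends."""
    return [(src, dst) for in_port, src, dst in traffic
            if capture_port in switch.forward(in_port, src, dst)]

# Constructed sample traffic: hosts A (port 1) and B (port 2) talk to each other.
HOST_A, HOST_B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
TRAFFIC = [
    (1, HOST_A, BROADCAST),  # A's ARP request: flooded to every port
    (2, HOST_B, HOST_A),     # B's reply: A is already learned, port 1 only
    (1, HOST_A, HOST_B),     # A -> B unicast: port 2 only
    (2, HOST_B, HOST_A),     # B -> A unicast: port 1 only
]

def demo():
    """Capture on port 3 without, then with, port 3 configured as mirror port."""
    plain = frames_seen(LearningSwitch([1, 2, 3]), 3, TRAFFIC)
    mirrored = frames_seen(LearningSwitch([1, 2, 3], mirror_port=3), 3, TRAFFIC)
    return plain, mirrored

if __name__ == "__main__":
    plain, mirrored = demo()
    print("promiscuous, ordinary port:", len(plain), "of", len(TRAFFIC), "frames")
    print("promiscuous, mirror port:  ", len(mirrored), "of", len(TRAFFIC), "frames")
```
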
