In the previous post, I discussed sniffing traffic on a switched network either through a SPAN (mirrored) port on a managed switch or through a network tap, built from homegrown, multipurpose hardware or from dedicated hardware.
What happens when the person wanting to sniff traffic cannot place a tap inline or turn on a SPAN port? Would this be something a person with nefarious intent would want to do? How would that person get around the apparent inability to sniff traffic without placing a device of their own on the wire?
Those answers can be found in a couple of places online.
The first is a nice paper entitled Packet Sniffing on Layer 2 Switched Local Area Networks by Ryan Spangler of packetwatch.net. This paper discusses attacks such as ARP cache poisoning, CAM table flooding, and switch port stealing, and then provides methods for mitigating them.
The second place I found good information was a tutorial on Antionline.com. This tutorial covers the topics of the first paper but goes into greater depth, since it also discusses VLAN hopping and other more advanced layer 2 attacks.
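As an added illustration of what a defender can do about the first of those attacks, the following example (written here, not taken from the post or either linked paper) flags the symptoms of ARP cache poisoning in a constructed set of logged ARP replies; the gateway address and its MAC are an assumed static binding the defender already knows for their own segment.

```python
"""Detect ARP cache poisoning symptoms from logged ARP replies.

Added example, not from the post or the papers it links. The ARP records
and the gateway binding below are constructed for illustration.
"""
from collections import defaultdict

# Constructed sample: (seq, opcode, sender_ip, sender_mac) as a sniffer
# on a SPAN port might log them. Opcode 2 = ARP reply. Records 5 and 6
# show one MAC claiming the gateway's IP and then a host's IP, the
# classic man-in-the-middle poisoning pattern.
SAMPLE_ARP = [
    (1, 2, "192.168.1.1", "aa:bb:cc:00:00:01"),
    (2, 2, "192.168.1.10", "aa:bb:cc:00:00:10"),
    (3, 2, "192.168.1.20", "aa:bb:cc:00:00:20"),
    (4, 2, "192.168.1.1", "aa:bb:cc:00:00:01"),
    (5, 2, "192.168.1.1", "de:ad:be:ef:00:99"),   # conflicting claim
    (6, 2, "192.168.1.10", "de:ad:be:ef:00:99"),  # same MAC, another IP
]

# Assumed static binding for the gateway, configured by the defender.
STATIC_BINDINGS = {"192.168.1.1": "aa:bb:cc:00:00:01"}


def detect_arp_poisoning(records, static_bindings=STATIC_BINDINGS):
    """Return a list of alert strings for suspicious ARP replies.

    Two checks: (1) an IP's sender MAC differs from the static binding
    or from the first MAC seen for it; (2) one MAC asserts more than one
    IP, which is how a poisoner inserts itself between two victims.
    The trusted binding is never overwritten by a conflicting reply.
    """
    mac_for_ip = dict(static_bindings)
    ips_for_mac = defaultdict(set)
    alerts = []
    for seq, opcode, ip, mac in records:
        if opcode != 2:  # this detector inspects replies only
            continue
        prior = mac_for_ip.setdefault(ip, mac)
        if prior != mac:
            alerts.append(f"#{seq}: {ip} moved {prior} -> {mac}")
        ips_for_mac[mac].add(ip)
        if len(ips_for_mac[mac]) > 1:
            alerts.append(f"#{seq}: {mac} claims {sorted(ips_for_mac[mac])}")
    return alerts


if __name__ == "__main__":
    for line in detect_arp_poisoning(SAMPLE_ARP):
        print(line)
```

On a real segment the same logic runs over replies captured from a mirrored port, which is exactly the vantage point the previous post described.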