NetStumbler.org Forums - View Single Post - sniffers-prom-lucient

08-27-2001

That attack FLOODS the switch wih ARP packets. I'm not sure ho the whole thing works but in the end ALL of thepackets aparently ROUTE through the attackin machine. That in itself would certainly slow trafic as yor mahcine is NO going to be as good at swithcing packets as the dedicated hardware. Plus you've flooded the network with traffic causing the switch to fail in an unnatural way! This is "not cool". Some switches will fail into a HUB type mode as well and allow sniffing. Basically you're attacking the network and flooding it with unnecessary packets. The multiple DNS requests for each new hosts your sniffer sees will also allow that inerface to be easily found by simply pumping a few fake hosts out there to see whch interface queries the DNS server for them. You might want to be careful about doing that sort of thing as it's NOT something any network administrator is likely to find as benign....

Oh, packet sniffing on WIN2K is pretty easy. Look up Etherreal - they have a WIN32 version and the instrucitons will tell you where to go in order to find the packet sniffing library that's needed to go promiscous on NT. Note that on a switch, without the monkey business you've already been trying, that you will NOT see any packets but those destined for YOU. That's part of how a switch saves bandwidth and supposedly promotes security (cough)...

08-27-2001	#4 (permalink)
Posts: n/a	ARP flooding... That attack FLOODS the switch wih ARP packets. I'm not sure ho the whole thing works but in the end ALL of thepackets aparently ROUTE through the attackin machine. That in itself would certainly slow trafic as yor mahcine is NO going to be as good at swithcing packets as the dedicated hardware. Plus you've flooded the network with traffic causing the switch to fail in an unnatural way! This is "not cool". Some switches will fail into a HUB type mode as well and allow sniffing. Basically you're attacking the network and flooding it with unnecessary packets. The multiple DNS requests for each new hosts your sniffer sees will also allow that inerface to be easily found by simply pumping a few fake hosts out there to see whch interface queries the DNS server for them. You might want to be careful about doing that sort of thing as it's NOT something any network administrator is likely to find as benign.... Oh, packet sniffing on WIN2K is pretty easy. Look up Etherreal - they have a WIN32 version and the instrucitons will tell you where to go in order to find the packet sniffing library that's needed to go promiscous on NT. Note that on a switch, without the monkey business you've already been trying, that you will NOT see any packets but those destined for YOU. That's part of how a switch saves bandwidth and supposedly promotes security (cough)...