[ale] MicroCenter in Duluth

Bruce Griffis griffisb at bellsouth.net
Fri Jul 25 14:02:52 EDT 2003


On Friday 25 July 2003 01:25 pm, Matt Smith wrote:
> >I purchased a generic netgear switch and want to sniff.
> >If I use a crossover cable and fool the switch in
> >thinking I'm a hub will it send me all the packets?
>
> No, a switch uses MAC addresses to direct traffic only to the port that is
> necessary.  Only fancy switches (I.E. NOT the netgear one you have) will
> create a "mirror" port that copies all of the traffic from every port onto
> a specific port for sniffing/intrusion detection, etc.
>
> What you really needed to buy is a hub. :)  Or you can use some of the
> airsnort suite of tools to hijack the default gateway's mac and trick every
> machine on the network into sending you it's packets..  But that doesn't
> help for traffic between machines on the subnet.
>
>
> --Matt

Matt's right - the Netgear Switch you have won't let you sniff all traffic on 
the LAN. If you don't mind popping for a few pennies and are doing this at 
home, you could add a hub to the equation. Connect your router to your hub. 
Connect your PC to the hub. Connect the switch's uplink port to the hub. 
You'll get all inbound and outbound traffic. You won't get PC-to-PC traffic, 
though. For that, all devices would need to be on the hub.

Oh yeah - Ethereal is pretty good, too. I tried it and removed it. Sometimes 
at home you're better off not knowing everything running across the wire.

_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale





More information about the Ale mailing list