[Snort-users] OT: Sniffing Switched Traffic

Marc-Andre Hamelin mhamelin at ...1803...
Wed Apr 11 16:25:37 EDT 2001

Just another suggestion of tool for that purpose :


Ettercap is a network sniffer/interceptor/logger for switched LANs. It uses
ARP poisoning and the man-in-the-middle technique to sniff all the
connections between two hosts. Features character injection in an
established connection - you can inject characters to server (emulating
commands) or to client (emulating replies) while maintaining an established
TCP connection! Integrated into a easy-to-use and powerful ncurses
interface. Screenshots here. RPM available here. Changes: This release
includes full duplex SSH man-in-the-middle support, a new startup mode
(--broadping -b), new sniffing method (PublicARP), support for escape
sequences in Injector, a netmask switch, support for getopt_long even on
*BSD, and a NEW protocol dissector for SSH1, SMB, RLOGIN, HTTP, ICQ, and
MySQL.  Homepage: http://ettercap.sourceforge.net.


Have fun,


-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Caruso, Ken
Sent: 11 avril, 2001 13:16
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] OT: Sniffing Switched Traffic


	Slightly off-topic but I figured this would be wise list to ask. I
recently got in a friendly argument with a co-worker regarding the fact that
we still use telnet on a majority of our sun systems. He went on about how
we are on a switched network and we are firewalled, yadda, yadda, yadda.
Just to ruffle his feathers I would like to set up a test scenario on
Catalyst 4000 switch, and possibly compromise the switch or impersonate a
mac address to try to intercept telnet traffic. Can somebody point me to a
good online document/resource for this. 


Ken Caruso

Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20010411/e661dab8/attachment.html>

More information about the Snort-users mailing list