Re: Heads Up.

Owen DeLong (owen@delong.sj.ca.us)
Mon, 21 Jul 1997 11:58:50 -0700 (PDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Jon Rust: "Re: 56K again and again (fwd)"
Previous message: David Davies: "OR-M Option"

> > It got me thinking that maybe I should dedicate a box to network
> > sniffing...but now that we have switches that would be a PITA to do a
> > complete job. I'm thinking of putting a sniffer on the same switch port
> > (via small hub) as our main router.
> >
>
> Depending on the switches you use, this is not a problem. With software,
> our Bay Networks Switches we can create groups of switching, or
> non-switching machines or networks. In essence, you can tell it to put
> your new packet-sniffer computer in with another computer to see its
> packets, then via snmp send a call to move the sniffer to another group,
> then another etc. This way you remain switched to protect your self from
> sniffing, yet can easily and quickly sniff any portion of your own
> network, without EVER touching a cable :) It works for us (slightly
> simplified above, but the principal works).

The bigger problem being that if your switch is compromised, the person
who compromised the switch can do this too.

Owen

Next message: Jon Rust: "Re: 56K again and again (fwd)"
Previous message: David Davies: "OR-M Option"