03-04-2004 06:06 AM - edited 03-02-2019 02:01 PM
Hello,
Is there a possibility for a machine connected to the network to see all of the traffic circulating in the VLAN to which it is attached (broadcast, unicast, multicast)?
And is there some freeware tool which can be used for this goal?
03-04-2004 06:29 AM
On the switch you need to enable port spanning so all traffic of the VLAN will be copied to a monitoring port. Look for the specific commands in the documentation of the switch.
As a freeware product to watch the traffic, you could use Ethereal (www.ethereal.com).
03-04-2004 06:37 AM
So, without administrator privileges on the switch to enable port spanning, no one can see the unicast traffic of the VLAN.
Thanks.
03-04-2004 08:08 AM
That is correct, you have to enter the correct IOS commands to make it work.
03-04-2004 09:27 AM
Actually it is possible for anyone who can connect to a switch port to see all unicast, multicast, and broadcast traffic on a given vlan, without any administrator privileges, using an application such as Ethereal.
You simply have to fill the MAC address table with bogus entries so that the switch cannot learn any of the real MAC addresses in the network. Once this occurs, the switch will flood all traffic (broadcast, multicasts, and unicasts) to every port in the VLAN, because the switch does not "know" where the legitimate addresses are and can no longer "learn" the address locations because the table is full.
This is sometimes referred to as a MAC attack. One way of preventing this is to use port security.
There's some good documentation on this and other potential security risks of switches at the following link:
http://www.cisco.com/networkers/nw03/presos/docs/SEC-2002.pdf
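The last reply names port security as the countermeasure; the idea behind it is a cap on how many source MAC addresses one port may present. The same check written as detection logic, as an added example that is not part of the original thread: the observation format `(timestamp, port, src_mac)`, the threshold, the window and the port names are assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque


def flooding_ports(observations, max_macs=3, window=10.0):
    """Flag ports that present more than max_macs distinct source MACs
    within any `window` seconds. `observations` is a time-ordered iterable
    of (timestamp_seconds, port, src_mac). Returns {port: peak_distinct}."""
    recent = defaultdict(deque)   # port -> (timestamp, mac) pairs in window
    counts = defaultdict(dict)    # port -> {mac: frames seen in window}
    flagged = {}
    for ts, port, mac in observations:
        mac = mac.lower()
        queue, seen = recent[port], counts[port]
        queue.append((ts, mac))
        seen[mac] = seen.get(mac, 0) + 1
        # Expire frames that have fallen out of the sliding window.
        while queue and ts - queue[0][0] > window:
            _, old = queue.popleft()
            seen[old] -= 1
            if seen[old] == 0:
                del seen[old]
        if len(seen) > max_macs:
            flagged[port] = max(flagged.get(port, 0), len(seen))
    return flagged


def constructed_sample():
    """Constructed records; no real capture is used."""
    obs = []
    # Gi0/1: a PC and an IP phone sending steadily for 20 seconds.
    for i in range(20):
        mac = "00:11:22:33:44:55" if i % 2 else "00:11:22:33:44:66"
        obs.append((i * 1.0, "Gi0/1", mac))
    # Gi0/2: 20 never-before-seen source MACs inside two seconds.
    for i in range(20):
        obs.append((5.0 + i * 0.1, "Gi0/2", "02:00:00:00:00:%02x" % i))
    # Gi0/3: five different MACs, but 25 seconds apart (slow churn).
    for i in range(5):
        obs.append((i * 25.0, "Gi0/3", "00:aa:bb:cc:dd:%02x" % i))
    obs.sort(key=lambda record: record[0])
    return obs


if __name__ == "__main__":
    for port, peak in flooding_ports(constructed_sample()).items():
        print(f"{port}: {peak} distinct source MACs within the window")
```

Only the port with the burst of new addresses is reported; the two-device port and the slow-churn port stay under the cap.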