VLAN traffic

ffati
Beginner

Hello,

Is there a possibility for a machine connected to the network to see all of the traffic that circulates in the VLAN to which it is attached (broadcast, unicast, multicast)?

And is there some freeware tool that can be used for this goal?

4 REPLIES

ostav
Beginner

On the switch you need to enable port spanning so all traffic of the VLAN will be copied to a monitoring port. Look for the specific commands in the documentation of the switch.

As a freeware product to watch the traffic, you could use ethereal (www.ethereal.com).
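The port spanning (SPAN) setup ostav describes, written out as an added example for Cisco IOS on a Catalyst switch; this is not from the original post, and VLAN 10 and GigabitEthernet1/0/24 are assumed placeholder values:

```cisco
! Added example, not from the original thread. Assumed values: VLAN 10 is
! the VLAN to be watched, Gi1/0/24 is the port the capture machine is on.
!
! Copy every frame seen on VLAN 10, in both directions, to Gi1/0/24.
monitor session 1 source vlan 10 both
monitor session 1 destination interface GigabitEthernet1/0/24
!
! Confirm the source and destination before trusting the capture.
show monitor session 1
```

Note that a SPAN destination port stops forwarding normal traffic for the host attached to it, so the capture machine should be connected there only for monitoring; this is the privileged path, since `monitor session` requires configuration access on the switch.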

So, without administrator privilege on the switch to enable port spanning, no one can see the unicast traffic of the VLAN.

thanks.

That is correct, you have to enter the correct IOS commands to make it work.

Actually it is possible for anyone who can connect to a switch port to see all unicast, multicast, and broadcast traffic on a given vlan, without any administrator privileges, using an application such as Ethereal.

You simply have to fill the MAC address table with bogus entries so that the switch cannot learn any of the real MAC addresses in the network. Once this occurs, the switch will flood all traffic (broadcast, multicasts, and unicasts) to every port in the VLAN, because the switch does not "know" where the legitimate addresses are and can no longer "learn" the address locations because the table is full.

This is sometimes referred to as a MAC attack. One way of preventing this is to use port security.

There's some good documentation on this and other potential security risks of switches at the following link:

http://www.cisco.com/networkers/nw03/presos/docs/SEC-2002.pdf
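An added example (not from the original thread) of the port security mitigation mentioned in the reply above, on Cisco IOS, showing a plain access port beside the same port with port security applied; the interface name, VLAN number and the limit of two MAC addresses are assumptions:

```cisco
! Added example, not from the original thread. Assumed: Gi1/0/5 is a user
! access port in VLAN 10; a limit of two addresses allows a phone plus a
! PC behind it.
!
! Before: a plain access port. The switch learns any number of source MACs
! seen here, so a host sending frames from bogus addresses can fill the
! MAC table and force the flooding described above.
interface GigabitEthernet1/0/5
 switchport mode access
 switchport access vlan 10
!
! After: the same port with port security. Learning is capped at two
! addresses, the first two are written into the running config (sticky),
! and frames from any further source MAC are dropped and counted instead
! of being learned.
interface GigabitEthernet1/0/5
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 switchport port-security violation restrict
!
! Verify: shows the configured limit, the current address count and the
! security violation counter for the port, then the learned addresses.
show port-security interface GigabitEthernet1/0/5
show port-security address
```

With `violation restrict` the port stays up and the violation counter rises, which makes a sudden jump in that counter (visible in `show port-security interface`, or via the SNMP trap the mode generates) a usable detection signal. `violation shutdown` puts the port into err-disabled state instead; if that mode is chosen, `errdisable recovery cause psecure-violation` in global configuration lets the port recover automatically after the configured interval.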
