Why can I see other traffic at switch environment just tcpdump?

From: SB CH (chulmin2at_private)
Date: Mon Oct 07 2002 - 23:08:32 PDT

  • Next message: Nick FitzGerald: "Re: Forensics CD (was: Re: Strange Folder" 

    Hello, all

I have operated linux server at switch environment,
and just with tcpdump, I can see some other traffic whic is not related 
with me without any other tool or trick.
 
it means that I can sniff traffic without special sniffing tool at the 
switch , right? is it possible?
but it's ture.

for example, 

# tcpdump port 80
15:03:42.681171 eth0 P 211.47.130.114.1131 > 211.47.1.55.www: S 
my system has no relations with 211.47.130.114 or 211.47.1.55.
just switch connected together with 211.47.1.55.


Thanks in advance.


_________________________________________________________________
Ŭ¸¯ÇÏ¸é ³ª¸¸ÀÇ ±¤°í°¡ ¶å´Ï´Ù. °Ë»ö Å°¿öµå ±¤°í ¹®ÀÇ 
http://www.msn.co.kr/search/keywordshop


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

    This archive was generated by hypermail 2b30 : Tue Oct 08 2002 - 19:38:08 PDT