thanks for the reply. I am new to this so purely going by the theory on SANS. http://www.sans.org/newlook/resources/IDFAQ/switched_network.htm Which says, that there are 3 ways to sniff on swicthed networks. 1. ARP spoofing. 2. MAC flooding. 3. MAC Duplicating. number 2 is not an option. number 1 is ok except I did not want risk breaking Network connectivity even after enabling IP Forwarding. numer 3 is "supposed to be the easiest" since one just changes to the NIC. Also according to this article there is no need to ARP Spoof, if using MAC Duplicating. -----> Hence, back to the original question: Even though your answer makes sense as well (although the victim computer has lost NO connectivity yet. The victim whose MAC address I have duplicated on my RH 7 box has full network connectivity, still) -----> how do I now get Telnet sessions originating from the victim to destination servers:23 thanks again kumar. --- Ryan Russell <ryanat_private> wrote: > On Mon, 6 May 2002, kumar mahadevan wrote: > > > If I am on a Switched network and I change my MAC > > address on my RH 7 box to the victim's (using > > IFCONFIG). Now, how do I capture say for e.g > Telnet > > sessions between the victim and a server running > > telnet service. > > If you change your MAC address to be that of the > victim (the box in the > same broadcast domain as your attacking machine) > then you will be fighting > the victim for control of the MAC address in the > switch. The switch will > alternately think that that MAC address is in one > port, then another, as > frames come in with that as a source address. In > general, you'll just > make the victim unable to communicate, and yuo won't > be able to monitor > most of the traffic. > > > > > I don't want to ARP cache poison nor MAC flood > the > > switch. > > Then your best bet is to poison the ARP cache on the > victim, to make it > think you're the other box, or the router. > Configure your box to forward > the packets so you don't break the communications. > > > Ryan > ______________________________________________________________________ Games, Movies, Music & Sports! http://entertainment.yahoo.ca ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Mon May 06 2002 - 14:15:27 PDT