
Ethereal-users: Re: [Ethereal-users] sniffing in a switched network - arp spoofing using etterca

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Ulf Lamping <ulf.lamping@xxxxxx>
Date: Fri, 17 Jun 2005 03:19:46 +0200
Manu Garg wrote:

>I don't believe that. ARP poisoning is not ugly. You can call MAC
>flooding ugly, but not ARP poisoning for sure.
>
>ARP poisoning does nothing to the switch. Switches work at level 2 and
>are only concerned about MAC addresses.  They don't come to know that
>the MAC address of a certain IP address has changed.
>
>ARP poisoning can confuse only the involved hosts. If the gateway is one
>of those hosts and someone attempting to ARP poison is a kid, then
>certainly there can be some problems.
>  
>
Well, as always it depends on what you want to do.

The usual way I use Ethereal is to find various problems. So I use it as
a measuring device and I don't want to affect the network I'm measuring
in any possible way, as this might introduce new problems (that I really
don't want to have while debugging :-). Ethereal should be a help to
find a solution and not become another part of the problem itself ;-)

I'm usually not the Admin of the network I'm working on, so doing things
like this might (and probably will) "ring a bell somewhere" which is
usually not what I want to happen.

On the other hand, if I were the Admin of a network and someone
started such attempts to sniff on the network I'm responsible for
(without asking me first), I would have to have a serious conversation
with that person ...

Regards, ULFL
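
The "ring a bell somewhere" effect mentioned in the message above, as an added example that is not part of the original post or of Ethereal: a passive monitor that parses ARP frames and flags when the MAC address claimed for an IP address changes. The function names, MAC addresses and documentation-range IP addresses are constructed for illustration.

```python
import struct

ARP_ETHERTYPE = 0x0806

def _mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(frame):
    """Return (eth_src, opcode, sender_mac, sender_ip), or None if the
    frame is not an IPv4-over-Ethernet ARP packet."""
    if len(frame) < 42:                      # 14-byte Ethernet + 28-byte ARP
        return None
    if struct.unpack("!H", frame[12:14])[0] != ARP_ETHERTYPE:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sender_ip = ".".join(str(x) for x in frame[28:32])
    return _mac(frame[6:12]), oper, _mac(frame[22:28]), sender_ip

def watch(frames):
    """Track IP-to-MAC bindings seen in ARP traffic and return alerts."""
    bindings, alerts = {}, []
    for n, frame in enumerate(frames, 1):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        eth_src, _oper, sha, spa = parsed
        if spa == "0.0.0.0":                 # ARP probe: claims no binding
            continue
        if eth_src != sha:                   # Ethernet header disagrees with ARP body
            alerts.append((n, "src-mismatch", spa, eth_src, sha))
        old = bindings.get(spa)
        if old is not None and old != sha:   # same IP, different MAC than before
            alerts.append((n, "binding-changed", spa, old, sha))
        bindings[spa] = sha
    return alerts

def make_arp(eth_src, oper, sha, spa, tha, tpa, eth_dst="ff:ff:ff:ff:ff:ff"):
    """Build a constructed ARP frame for the sample input below."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    i = lambda s: bytes(int(p) for p in s.split("."))
    return (m(eth_dst) + m(eth_src) + struct.pack("!H", ARP_ETHERTYPE)
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
            + m(sha) + i(spa) + m(tha) + i(tpa))

# Constructed sample: a request, the gateway's reply, then a second
# station claiming the gateway's IP address.
GW, HOST, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:99"
SAMPLE = [
    make_arp(HOST, 1, HOST, "192.0.2.10", "00:00:00:00:00:00", "192.0.2.1"),
    make_arp(GW, 2, GW, "192.0.2.1", HOST, "192.0.2.10", eth_dst=HOST),
    make_arp(OTHER, 2, OTHER, "192.0.2.1", HOST, "192.0.2.10", eth_dst=HOST),
]
```

A changed binding is a signal to investigate rather than proof of poisoning: a replaced network card or a failover pair taking over an address produces the same alert.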