Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Ethereal-users: Re: [Ethereal-users] sniffing in a switched network - arp spoofing using etterca

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: ronnie sahlberg <ronniesahlberg@xxxxxxxxx>
Date: Fri, 17 Jun 2005 13:06:26 +1000
start doing arp spoofing and kill ettercap or hunt with a -9  and
watch the end-to-end outage that occurs and will last until the arp
entry timeout (10-15 minutes).

very very ugly.

dont dont dont ever do this unless you know what you are doing.
never ever ever ever do this in a business critical network, ever.


On 6/17/05, Manu Garg <manugarg@xxxxxxxxx> wrote:
> I don't believe that. Arp poisoning is not ugly. You can call MAC
> flooding as ugly, but not ARP poisoning for sure.
> 
> ARP poisoning does nothing to the switch. Switches work at level 2 and
> are only concerned about MAC addresses.  They don't come to know that
> MAC address of a certain IP address has changed.
> 
> ARP poisoning can confuse only the involved hosts. If gateway is one
> of those hosts and someone attempting to ARP poison is a kid, then
> certainly there can be some problems.
> 
> hth
> ~manu
> 
> On 6/16/05, Ulf Lamping <ulf.lamping@xxxxxx> wrote:
> > Manu Garg wrote:
> >
> > >Many of us know that sniffing is possible in a shared i.e.
> > >non-switched ethernet environment. But only few of us know that
> > >sniffing is also possible in a switched ethernet environment. One of
> > >the reasons is that it's not that straighforward. But it's not
> > >impossible or difficult. You can use man in the middle technique like
> > >ARP spoofing to sniff in a switched environment.
> > >
> > >
> > >This presentation is an attempt to explain how can somebody sniff in a
> > >switched ethernet using ARP spoofing. Dsniff has existed for long as a
> > >tool for various sniffing activities. But recently, tools like
> > >EttercapNG have made it easier.
> > >
> > >
> > >Link to my original post and presentation -
> > >http://manugarg.freezope.org/2005/06/sniffing-in-switched-network-many-of.html
> > >
> > >Presentation-
> > >http://manugarg.freezope.org/notes/arp_spoofing
> > >
> > >Please let me know your views on it.
> > >
> > >
> > Yes it is possible, but it is really ugly for it's various side effects.
> >
> > Have a look at the information on this topic so far at:
> > http://wiki.ethereal.com/CaptureSetup_2fEthernet
> >
> > As the wiki page says:
> >
> > *Please do not try this on any LAN other than your own.*
> >
> > Regards, ULFL
> >
> 
> 
> --
> Manu Garg
> http://manugarg.freezope.org
> "Truth will set you free!"
> 
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users
>
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube