Networking | Programming | Security | Linux | Computer Science | About

Sniffing on Switches

The safest way to obtain traffic from a switch is to coordinate with a network administrator to configure “port mirroring,” in which traffic from ports of interest is mirrored to a port that is used by the investigator.

Switches can also be attacked in several ways to try to facilitate sniffing. The most common are:

It would be hard to argue that either of these methods is really “passive,” since they require an attacker to send extensive and continuing traffic on the network. However, these are methods for facilitating traffic capture on switched networks when port mirroring or tapping a cable is not an option.

Published on Mon 28 April 2014 by Randy Nugent in Security with tag(s): sniffer switches