From: Adrian Lazar (alazar@node.bc.ca)
Date: Fri Apr 05 2002 - 12:59:58 EST
Visit the following sites for more information:
http://www.sans.org/newlook/resources/IDFAQ/switched_network.htm
http://www.monkey.org/~dugsong/dsniff/faq.html#How%20do%20I%20sniff%20in%20a%20switched%20environment
Two useful tools that you can use: dsniff and ettercap.
Hope this helps.
Cheers,
Adrian Lazar
Chief Security Officer (CSO)
Node Solutions, Inc.
(604) 821-1696
-----Original Message-----
From: Erlend J. Leiknes [mailto:nookie@online.no]
Sent: Tuesday, February 05, 2002 11:01 AM
To: pen-test@securityfocus.com
Subject: arpspoofing
I'm testing a network for clear-text password leakage. (Unencrypted protocols)
Since it's a switched environment I have to arpspoof or macflood.
Macflooding had no success, shouldn't the switches be degraded to hubs when their MAC tables get filled?
And when I arpspoof using the redirecting data from the gateway to the laptop, pings won't get through, and I sent some clear text on purpose from machines that had gotten their ARP table poisoned. Still it seemed like it didn't work too well.
The question is:
if arp -a (on Windows 98) shows:
Interface: x.x.x.204 --- 0x2
  Internet Address      Physical Address      Type
  x.x.x.1               00-10-14-26-60-38     dynamic
  x.x.x.5               00-50-da-37-93-5b     dynamic
  x.x.x.6               00-50-da-37-93-5b     dynamic
who will receive the packages: 5, 6 or both?
Any other ways to sniff in a switched environment?
------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:20 EDT
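
Seen from the defending side, an ARP cache like the one quoted in the question, where two IP addresses resolve to the same MAC address, is the indicator to check for. The following is an added example, not part of the original thread: it parses `arp -a` text in the Windows layout and reports every unicast MAC that more than one IP maps to. The sample table, its addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of Windows `arp -a` output (not captured data).
SAMPLE = """\
Interface: 192.0.2.204 --- 0x2
  Internet Address      Physical Address      Type
  192.0.2.1             00-AA-BB-00-00-01     dynamic
  192.0.2.5             00-aa-bb-00-00-02     dynamic
  192.0.2.6             00-aa-bb-00-00-02     dynamic
  192.0.2.255           ff-ff-ff-ff-ff-ff     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static
"""

IFACE = re.compile(r"^\s*Interface:\s*(\S+)")
ROW = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
                 r"((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)\s*$", re.I)


def parse_arp_table(text):
    """Return {interface_ip: [(ip, mac, entry_type), ...]} from `arp -a` text."""
    tables, iface = defaultdict(list), None
    for line in text.splitlines():
        if m := IFACE.match(line):
            iface = m.group(1)
        elif m := ROW.match(line):
            ip, mac, kind = m.groups()
            tables[iface].append((ip, mac.lower(), kind.lower()))
    return dict(tables)


def shared_macs(text, gateway=None):
    """List (interface, mac, [ips], gateway_involved) for each unicast MAC
    that more than one IP address resolves to in the same interface's cache."""
    findings = []
    for iface, rows in parse_arp_table(text).items():
        by_mac = defaultdict(list)
        for ip, mac, _kind in rows:
            # Skip broadcast/multicast MACs (low bit of first octet set):
            # several IPs legitimately map to those.
            if int(mac[:2], 16) & 1:
                continue
            by_mac[mac].append(ip)
        for mac, ips in by_mac.items():
            if len(ips) > 1:
                findings.append((iface, mac, ips, gateway in ips))
    return findings


if __name__ == "__main__":
    for iface, mac, ips, gw in shared_macs(SAMPLE, gateway="192.0.2.1"):
        note = " (includes the gateway)" if gw else ""
        print(f"{iface}: {mac} answers for {', '.join(ips)}{note}")
```

A finding is a lead to verify rather than proof of poisoning: a host with several addresses on one interface, or a router doing proxy ARP, produces the same pattern.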