X.25 can be sniffed if you break the link. All the traffic is coming through on one connection. With ethernet, you can use a matrix switch to insert into a segment to sniff.
Ed
I think that a lot of ethernet switches also have a common port that can
see all the traffic on the other ports if required.
J.
On Wed, 14 Aug 1996, Ryan Mooney wrote:
>
> You only can't sniff across switched ports.
>
> ie:
>
> -----seg1-------+----------+
> | |
> -----seg2-------+ |
> | Switch |
> -----seg3-------+ |
> | |
> -----seg4-------+----------+
>
> In this scenario if you are on seg1 and traffic is going from seg2 to
> seg3 you never see it. You would of course be able to see any traffic
> on seg1, but thats it (except for broadcast packets and the like).
> Saying that switched ethernet can't be sniffed is somewhat of a misnomer
> as each virtual segment usually has more than one system on it and
> any one of those systems could theoretically snoop any traffic on that
> segment. I think this is really simple common sense once you look at what
> the switch is really doing... and what machines are where. There are
> of course ways to capture all data going across the switch with things
> like switch probes and the like, these do however have to be installed,
> and left open for evil bad dude to use in his copious spare time.
>
> >
> > excuse my ignorance or lack or research, yet...
> >
> > what makes switched ethernet unable to be snarfed....
> >
> > --->
> > Robert H. Hanson LAN/WAN Consultant - Internet Service Provider
> > Otis Orchards, Wa. Cutting Edge Communications www.cet.com
> > (509) 927-9541 finger: info @
cet .
com or email: roberth @
cet .
com
> >
> >
> >
> > On Wed, 14 Aug 1996, Bernd Eckenfels wrote:
> >
> > > Hi,
> > >
> > > > We did We captured all the X25 packets then opened them up There was
> > > > IBM SNA data going through the X25 Looked like a database update
> > > > There was mail going through Boring stuff about various shipments
> > > > And there was a trickle of teletype
> > >
> > > what kind of X.25 Connection is this? Generally X.25 is not used on
> > > broadcast mediums, only with point-to-point links to the switches. (You can
> > > compare it to switched ethernet, where ethernet sniffing is impossible,
> > > too).
> > >
> > > Greetings
> > > Bernd
> > > --
> > > (OO) -- Bernd_Eckenfels @
Wittumstrasse13 .
76646Bruchsal .
de --
> > > ( .. ) ecki @
lina .
{inka .
de,ka.sub.org} http://home.pages.de/~eckes/
> > > o--o *plush* 2048/A2C51749 eckes @
irc +4972573817 *plush*
> > > (O____O) If privacy is outlawed only Outlaws have privacy
> > >
> >
> >
>
> -------------------------------------------------------------------------------
> Ryan Mooney ryan @
pcslink .
com
> Systems Engineer
> Phoenix Computer Specialists Internet Provider "Illuminate The Opposition!"
> Phone (602)265-9188 Fax (602)265-9357 -- Adam Weishaupt
> proud member of AAAAAA - American Association Against Acronym Abuse Anonymous.
> --------------------------------------------------------------------------------
>
-----------------End of Original Message-----------------
|
|
