[ale] MicroCenter in Duluth

Matt Smith msmith at risklabs.com
Fri Jul 25 14:54:24 EDT 2003 

If you have a 1000-port hub, God help you.  The collisions from a network
like that would drive your useable bandwidth to a tiny fraction of whatever
the media is.

But, in general, yes.  When limits are reached like that though (and I'm
sure that netgear has a limit much lower than 1000), you typically end up
"broadcasting" to all of the ports.

There isn't really a way to "detect" whether a hub or client is plugged into
a port... not reliably, at least.


--Matt


-----Original Message-----
From: Christopher Fowler [mailto:cfowler at outpostsentinel.com]
To: ale at ale.org
Sent: Friday, July 25, 2003 2:41 PM
To: ale at ale.org
Subject: Re: [ale] MicroCenter in Duluth


So if I have a 1000 hub ports on one port of the netgear, how does
it keep track of each 1000 mac addresses.  Does it have that much
memory?  I assumed that if it detected a hub and not a PC then it
would bounce all traffic to that hub

On Fri, Jul 25, 2003 at 02:02:52PM -0400, Bruce Griffis wrote:
> On Friday 25 July 2003 01:25 pm, Matt Smith wrote:
> > >I purchased a generic netgear switch and want to sniff.
> > >If I use a crossover cable and fool the switch in
> > >thinking I'm a hub will it send me all the packets?
> >
> > No, a switch uses MAC addresses to direct traffic only to the port that
is
> > necessary.  Only fancy switches (I.E. NOT the netgear one you have) will
> > create a "mirror" port that copies all of the traffic from every port
onto
> > a specific port for sniffing/intrusion detection, etc.
> >
> > What you really needed to buy is a hub. :)  Or you can use some of the
> > airsnort suite of tools to hijack the default gateway's mac and trick
every
> > machine on the network into sending you it's packets..  But that doesn't
> > help for traffic between machines on the subnet.
> >
> >
> > --Matt
> 
> Matt's right - the Netgear Switch you have won't let you sniff all traffic
on 
> the LAN. If you don't mind popping for a few pennies and are doing this at

> home, you could add a hub to the equation. Connect your router to your
hub. 
> Connect your PC to the hub. Connect the switch's uplink port to the hub. 
> You'll get all inbound and outbound traffic. You won't get PC-to-PC
traffic, 
> though. For that, all devices would need to be on the hub.
> 
> Oh yeah - Ethereal is pretty good, too. I tried it and removed it.
Sometimes 
> at home you're better off not knowing everything running across the wire.
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale


----- 
Confidential Information 

The information in this e-mail message (including any attachments) is
privileged and confidential information intended only for the use of the
individual or entity named above.  If the reader of this message is not the
intended recipient, you are hereby notified that any dissemination,
distribution, or copying of this communication is strictly prohibited.
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale

More information about the Ale mailing list