Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 28 Jul 1997 19:49:03 -0400 (EDT)
From:      Brian Buchanan <brian@thought.res.cmu.edu>
To:        "Nicole H." <nicole@mediacity.com>
Cc:        security@FreeBSD.ORG
Subject:   Re: Detecting sniffers (was: Re: security hole in FreeBSD) 
Message-ID:  <Pine.BSF.3.96.970728193910.26892B-100000@thought.res.cmu.edu>
In-Reply-To: <Chameleon.870090090.nmh@geekgirl>

next in thread | previous in thread | raw e-mail | index | archive | help
>  What is the range of sniffing? I.E. can the "sniffer" sniff past switched networks?
>  What is the "range" of sniffing?

A machine can sniff any packet that passes through the wire going into its
ethernet card.  Switches, bridges, routers, and smarthubs will all limit
the range of sniffing by preventing traffic not destined for a part of the
network from going down its wires.  For example, if LAN A is connected to
LAN B over a switch or a bridge, and both LAN A and LAN B use either
10baseT/100baseT going into a common hub for each LAN or thinnet, then
anyone with root access to a machine on LAN A can sniff all packets
originating from and destined for LAN A machines, and only those packets. 
The same applies to LAN B - machines on that network can only sniff the
packets from/to other machines on LAN B. However, if one LAN is using
10baseT/100baseT with a smarthub, then machines on that network will only
receive their own incoming packets, and will thus not be able to sniff
anyone else's packets.  This doesn't mean the packets can't be sniffed,
though.  If the packets cross any insecure network or pass through a
router en route to their destination, they can be sniffed there.




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.970728193910.26892B-100000>