From owner-freebsd-security Mon Jul 28 16:49:12 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id QAA13424 for security-outgoing; Mon, 28 Jul 1997 16:49:12 -0700 (PDT) Received: from thought.res.cmu.edu (THOUGHT.RES.CMU.EDU [128.2.94.7]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id QAA13413 for ; Mon, 28 Jul 1997 16:49:07 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by thought.res.cmu.edu (8.8.5/8.6.12) with SMTP id TAA26995; Mon, 28 Jul 1997 19:49:04 -0400 (EDT) Date: Mon, 28 Jul 1997 19:49:03 -0400 (EDT) From: Brian Buchanan To: "Nicole H." cc: security@FreeBSD.ORG Subject: Re: Detecting sniffers (was: Re: security hole in FreeBSD) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > What is the range of sniffing? I.E. can the "sniffer" sniff past switched networks? > What is the "range" of sniffing? A machine can sniff any packet that passes through the wire going into its ethernet card. Switches, bridges, routers, and smarthubs will all limit the range of sniffing by preventing traffic not destined for a part of the network from going down its wires. For example, if LAN A is connected to LAN B over a switch or a bridge, and both LAN A and LAN B use either 10baseT/100baseT going into a common hub for each LAN or thinnet, then anyone with root access to a machine on LAN A can sniff all packets originating from and destined for LAN A machines, and only those packets. The same applies to LAN B - machines on that network can only sniff the packets from/to other machines on LAN B. However, if one LAN is using 10baseT/100baseT with a smarthub, then machines on that network will only receive their own incoming packets, and will thus not be able to sniff anyone else's packets. This doesn't mean the packets can't be sniffed, though. If the packets cross any insecure network or pass through a router en route to their destination, they can be sniffed there.