From owner-freebsd-security Mon Jul 28 17:22:21 1997
Date: Mon, 28 Jul 1997 05:15:38 -0800
From: "Nicole H."
Subject: Re: Detecting sniffers (was: Re: security hole in FreeBSD)
To: "Nicole H.", Brian Buchanan
Cc: security@FreeBSD.ORG
Sender: owner-freebsd-security@FreeBSD.ORG

> > What is the range of sniffing? I.E. can the "sniffer" sniff past switched networks?
>
> What is the "range" of sniffing?
>
> A machine can sniff any packet that passes through the wire going into its
> ethernet card. Switches, bridges, routers, and smarthubs will all limit
> the range of sniffing by preventing traffic not destined for a part of the
> network from going down its wires. For example, if LAN A is connected to
> LAN B over a switch or a bridge, and both LAN A and LAN B use either
> 10baseT/100baseT going into a common hub for each LAN or thinnet, then
> anyone with root access to a machine on LAN A can sniff all packets
> originating from and destined for LAN A machines, and only those packets.
> The same applies to LAN B - machines on that network can only sniff the
> packets from/to other machines on LAN B. However, if one LAN is using
> 10baseT/100baseT with a smarthub, then machines on that network will only
> receive their own incoming packets, and will thus not be able to sniff
> anyone else's packets. This doesn't mean the packets can't be sniffed,
> though. If the packets cross any insecure network or pass through a
> router en route to their destination, they can be sniffed there.

Thanks! That's kind of what I thought.

Does anyone know, however, if an Ascend Max unit can be sniffed across?
I.e., can a dial-up user sniff everyone else connected to the ethernet that
it is plugged into, assuming it is not using bridging?

If this is not possible, how do most people tend to sniff a network to get
a password, since you have to be on the network to sniff for a password....

Thanks again

Nicole

nicole@mediacity.com    |\ __ /|  (`\     http://www.mediacity.com
Nicole Harrington       | o_o |__  ) )    Phone: 415-237-1464
                        //   \\           Pager: 415-301-2482
Systems Administrator
------------------------(((---(((-------------------------------------

******* * *****
What do you mean Spelling Errors? * * *
My Modem is Error Correcting! *

CAUTION: I'm no doctor, I only tell computers what to do. Nothing in this
document should be construed as medical advice. My opinions are subject to
the availability of information. I learn new things each day, and so may
change my opinions.

Courtesy is owed. Respect is earned. Love is given.
--
-----------------------------------------------------------------------
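
An added illustration of the quoted explanation (not part of the original thread): this Python model computes which unicast flows reach a promiscuous host's NIC on bridged shared segments versus a per-port switched LAN. The host names, the switched "LAN-C" and the flow list are constructed, and the bridge/switch is assumed to already know where each destination lives.

```python
from collections import defaultdict

class Network:
    """Toy model: a frame is visible on every shared wire it crosses."""

    def __init__(self):
        self.domain_of = {}               # host -> wire (collision domain) it sits on
        self.members = defaultdict(set)   # wire -> hosts sharing that wire

    def add_shared_lan(self, name, hosts):
        # Plain hub or thinnet: every host on the LAN shares one wire.
        for h in hosts:
            self.domain_of[h] = name
            self.members[name].add(h)

    def add_switched_lan(self, name, hosts):
        # Switch / "smarthub": each host is alone on its own port.
        for h in hosts:
            self.add_shared_lan(f"{name}:{h}", [h])

    def can_see(self, src, dst):
        # The frame appears on the sender's wire and the receiver's wire only
        # (assumption: the bridge forwards it nowhere else).
        return self.members[self.domain_of[src]] | self.members[self.domain_of[dst]]

    def sniffable_by(self, sniffer, flows):
        # Flows a host in promiscuous mode would be handed by its NIC.
        return [f for f in flows if sniffer in self.can_see(*f)]

def build_example():
    net = Network()
    net.add_shared_lan("LAN-A", ["a1", "a2", "a3"])    # hub or thinnet
    net.add_shared_lan("LAN-B", ["b1", "b2"])          # hub or thinnet
    net.add_switched_lan("LAN-C", ["c1", "c2", "c3"])  # smarthub
    return net

# Constructed sample flows (source, destination).
FLOWS = [("a1", "a2"), ("a1", "b1"), ("b1", "b2"), ("c1", "c2"), ("c1", "a2")]

if __name__ == "__main__":
    net = build_example()
    for host in ("a3", "b2", "c3"):
        print(host, "can capture:", net.sniffable_by(host, FLOWS))
```

The `("c1", "a2")` flow shows the caveat at the end of the quoted text: traffic from a switched port is still exposed once it lands on a shared segment.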