Date: Mon, 28 Jul 1997 19:49:03 -0400 (EDT)
From: Brian Buchanan <brian@thought.res.cmu.edu>
To: "Nicole H." <nicole@mediacity.com>
Cc: security@FreeBSD.ORG
Subject: Re: Detecting sniffers (was: Re: security hole in FreeBSD)
Message-ID: <Pine.BSF.3.96.970728193910.26892B-100000@thought.res.cmu.edu>
In-Reply-To: <Chameleon.870090090.nmh@geekgirl>

> What is the range of sniffing? I.E. can the "sniffer" sniff past switched networks?
> What is the "range" of sniffing?

A machine can sniff any packet that passes through the wire going into its ethernet card. Switches, bridges, routers, and smarthubs will all limit the range of sniffing by preventing traffic not destined for a part of the network from going down its wires.

For example, if LAN A is connected to LAN B over a switch or a bridge, and both LAN A and LAN B use either 10baseT/100baseT going into a common hub for each LAN or thinnet, then anyone with root access to a machine on LAN A can sniff all packets originating from and destined for LAN A machines, and only those packets. The same applies to LAN B - machines on that network can only sniff the packets from/to other machines on LAN B.

However, if one LAN is using 10baseT/100baseT with a smarthub, then machines on that network will only receive their own incoming packets, and will thus not be able to sniff anyone else's packets.

This doesn't mean the packets can't be sniffed, though. If the packets cross any insecure network or pass through a router en route to their destination, they can be sniffed there.
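The LAN A / LAN B case from the message above, modelled as an added example (not part of the original e-mail) for checking which bystander hosts are handed a given unicast frame. The host names, the topology tables and the function names are constructed; the model assumes the bridge has already learned where each host lives and ignores broadcast traffic and routers.

```python
"""Which hosts can observe a frame? Model of the LAN A / LAN B example."""

SHARED = "shared"      # thinnet or a plain repeating hub: every host sees every frame
SWITCHED = "switched"  # "smarthub": each port carries only its own host's traffic

# Constructed sample topology: host -> LAN, LAN -> medium type.
# The two LANs are joined by a bridge or switch, as in the message.
HOST_LAN = {"a1": "A", "a2": "A", "a3": "A", "b1": "B", "b2": "B"}
LAN_MEDIUM = {"A": SHARED, "B": SHARED}


def lans_crossed(src, dst, host_lan):
    """LANs whose wire carries a unicast frame from src to dst.

    The bridge forwards a frame onto the other LAN only when the
    destination lives there (assumes its address table is already learned).
    """
    return {host_lan[src], host_lan[dst]}


def observers(src, dst, host_lan=HOST_LAN, lan_medium=LAN_MEDIUM):
    """Hosts other than src and dst whose network card is handed the frame."""
    seen = set()
    for lan in lans_crossed(src, dst, host_lan):
        if lan_medium[lan] != SHARED:
            continue  # per-port delivery: bystanders on this LAN get nothing
        seen |= {h for h, l in host_lan.items() if l == lan}
    return seen - {src, dst}


def exposure(host_lan=HOST_LAN, lan_medium=LAN_MEDIUM):
    """Map each host to the set of (src, dst) flows it could capture."""
    out = {h: set() for h in host_lan}
    for src in host_lan:
        for dst in host_lan:
            if src != dst:
                for h in observers(src, dst, host_lan, lan_medium):
                    out[h].add((src, dst))
    return out


if __name__ == "__main__":
    for host, flows in sorted(exposure().items()):
        print(host, sorted(flows))
```

Changing a LAN's entry in `LAN_MEDIUM` to `SWITCHED` shows the smarthub case: bystanders on that LAN drop out of every observer set.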