Solved

Sniffing telnet session on a switch

Posted on 2004-08-12
4
747 Views
Last Modified: 2013-12-04
Hi

Is it true that you cannot sniff telnet sessions on a switch. For example if I want to sniff the telnet session I make from my Laptop to the cisco router. If my laptop that is going to make a telnet session to cisco session is connected to port 1 on switch the cisco router is connected to port 2 on the switch and my sniffing laptop is connected to port 3, then if the laptop is going to make a telnet session to router can my sniffing laptop capture the traffic in between them ? Or say if I am connected to completely different switch but still on the same network what will be the behavior then ?
0
Comment
Question by:kamal73
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 32

Assisted Solution

by:LucF
LucF earned 125 total points
ID: 11781677
Hi kamal73,

A switch doesn't replicate the information to all ports, so you won't be able to sniff the data that way. To be able to sniff it, you'll have to exchange the switch for a hub, which is nothing more or less than a multi-port repeater, so all data will be send to all ports.

Greetings,

LucF
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 125 total points
ID: 11781697
LucF is correct

Telnet is about as secure as an open window (without SSH) but there are some exeptions to the rule

you CAN sniff an interface with third party software - and some are designed to solely monitor switch ports

see http://www.eeye.com/html/Products/Iris/Download.html  this will sniff and decode anything
telnet traffic, Email traffic - even what web pages particular clients are using.
this is legal though it could be abused - above all, if your going to use this product in a work enviroment you need to inform your employees before you deploy it, as it has certain privicy implications.

Pete
0
 

Author Comment

by:kamal73
ID: 11781758
I'm only going to use it on a Lab network, how can one tell if it is being used on their network ?
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11781806
:) well you cant, hence the need to inform people :)

ThanQ
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question