Solved

Sniffing telnet session on a switch

Posted on 2004-08-12
4
750 Views
Last Modified: 2013-12-04
Hi

Is it true that you cannot sniff telnet sessions on a switch. For example if I want to sniff the telnet session I make from my Laptop to the cisco router. If my laptop that is going to make a telnet session to cisco session is connected to port 1 on switch the cisco router is connected to port 2 on the switch and my sniffing laptop is connected to port 3, then if the laptop is going to make a telnet session to router can my sniffing laptop capture the traffic in between them ? Or say if I am connected to completely different switch but still on the same network what will be the behavior then ?
0
Comment
Question by:kamal73
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 32

Assisted Solution

by:LucF
LucF earned 125 total points
ID: 11781677
Hi kamal73,

A switch doesn't replicate the information to all ports, so you won't be able to sniff the data that way. To be able to sniff it, you'll have to exchange the switch for a hub, which is nothing more or less than a multi-port repeater, so all data will be send to all ports.

Greetings,

LucF
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 125 total points
ID: 11781697
LucF is correct

Telnet is about as secure as an open window (without SSH) but there are some exeptions to the rule

you CAN sniff an interface with third party software - and some are designed to solely monitor switch ports

see http://www.eeye.com/html/Products/Iris/Download.html  this will sniff and decode anything
telnet traffic, Email traffic - even what web pages particular clients are using.
this is legal though it could be abused - above all, if your going to use this product in a work enviroment you need to inform your employees before you deploy it, as it has certain privicy implications.

Pete
0
 

Author Comment

by:kamal73
ID: 11781758
I'm only going to use it on a Lab network, how can one tell if it is being used on their network ?
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11781806
:) well you cant, hence the need to inform people :)

ThanQ
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question