Re: [SAGE] sniffing switched nets

[Jim <jimd@starshine.org>]

On Fri, Jan 25, 2002 at 10:23:47AM -0600, David R. Linn wrote:
> A few meetings ago (perhaps the ATC in San Diego), I seem to recall
> that some attendees demonstrated that you can sniff switched nets by
> collecting and then posting a set of passwords that they had captured
> from the switched TTY room net.  I believe that they wrote up their
> technique, maybe for a WIP, maybe for a later conference.
 
> The fellow teaching our new InfoSec class was asking me for ideas of
> things to cover and I mentioned this incident in the context of
> convincing people to use crypto for anything they want secured.  He
> asked me for a pointer and a quick look at the USENIX site didn't
> provide me with one so I'm turning to the collective.
 
> If this is not all a sign of premature senility, could someone point
> me at that writeup.
 
> 	 David

 Search freshmeat (http://www.freshmeat.net/ ) on the term
 "ettercap" for one tool that will do this.  In fact searching
 on the terms:  "sniff switch" returns a list of several, 
 including one called angst and another called smit.

 More creative searches, and following these things and seeding
 these terms into Google will probably net some articles and 
 web pages that compare the tools and techniques.

--
Jim Dennis