CEH


Switched Network Sniffing


Port Mirror or SPAN Port


Another way to circumvent switches is through the use of physical means: getting physical access to the switch and using port mirroring or a Switched Port Analyzer (SPAN) port. This technique is used to send a copy of every network packet encountered on one switchport or a whole VLAN to another port where it may be monitored. This functionality is used to monitor network traffic either for diagnostic purposes or for the purpose of implementing devices such as network intrusion detection systems (NIDSs).


On the Defensive


As an ethical hacker, your work could very likely put you in a position of prevention rather
than pen testing. Based on what we’ve covered so far in this chapter, what you know as an
attacker can help you prevent the very techniques you employ from the outside in. Here are
defenses against the attacks we just covered from a pen tester’s perspective:


■ Use a hardware-switched network for the most sensitive portions of your network in an effort to isolate traffic to a single segment or collision domain.

■ Implement IP DHCP Snooping on switches to prevent ARP-poisoning and spoofing attacks.

■ Implement policies preventing promiscuous mode on network adapters.

■ Be careful when deploying wireless access points, knowing that all traffic on the wireless network is subject to sniffing.

■ Encrypt your sensitive traffic using an encrypting protocol such as SSH or IPSec.


Technologies such as SSL and IPSec are designed not only to keep traffic
from being altered, but also to prevent prying eyes from seeing traffic they
shouldn’t.

Here are other methods of hardening a network against sniffing:

■ Static ARP entries, which consist of preconfiguring a device with the MAC addresses of devices that it will be working with ahead of time. However, this strategy does not scale well.

■ Port security is used by switches that have the ability to be programmed to allow only specific MAC addresses to send and receive data on each port.

■ IPv6 has security benefits and options that IPv4 does not have.

■ Replacing protocols such as FTP and Telnet with SSH is an effective defense against sniffing. If SSH is not a viable solution, consider protecting older legacy protocols with IPSec.

■ Virtual private networks (VPNs) can provide an effective defense against sniffing due to their encryption aspect.

■ SSL is a great defense along with IPSec.
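
The static ARP entry idea above can also be used as a check rather than a configuration: the following added example (not from the book) audits an ARP cache against a list of known-good IP-to-MAC bindings and reports entries that disagree, plus any MAC address answering for more than one IP. The sample table, the addresses and the KNOWN_GOOD inventory are constructed for illustration; the table layout is that of Linux /proc/net/arp.

```python
# Added example: audit an ARP cache against known-good IP-to-MAC bindings.
from collections import defaultdict

# Constructed sample in Linux /proc/net/arp layout (addresses are made up).
SAMPLE_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.10.1     0x1         0x2         00:11:22:33:44:55     *        eth0
192.168.10.20    0x1         0x2         00:11:22:33:44:55     *        eth0
192.168.10.30    0x1         0x2         AA:BB:CC:00:00:30     *        eth0
192.168.10.40    0x1         0x0         00:00:00:00:00:00     *        eth0
"""

# Assumed inventory: the bindings an administrator would pin as static entries.
KNOWN_GOOD = {
    "192.168.10.1": "de:ad:be:ef:00:01",
    "192.168.10.30": "aa:bb:cc:00:00:30",
}

def parse_arp(text):
    """Return {ip: mac} for resolved entries, with MACs lower-cased."""
    table = {}
    for line in text.splitlines()[1:]:            # skip the header row
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], int(fields[2], 16), fields[3].lower()
        # Flag bit 0x2 (ATF_COM) marks a completed, resolved entry.
        if flags & 0x2 and mac != "00:00:00:00:00:00":
            table[ip] = mac
    return table

def audit(table, known_good):
    """Return (mismatches, shared): pinned IPs whose cached MAC differs,
    and MACs that answer for more than one IP address."""
    mismatches = {ip: (known_good[ip].lower(), mac)
                  for ip, mac in table.items()
                  if ip in known_good and known_good[ip].lower() != mac}
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    shared = {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}
    return mismatches, shared

if __name__ == "__main__":
    mismatches, shared = audit(parse_arp(SAMPLE_ARP), KNOWN_GOOD)
    for ip, (want, got) in mismatches.items():
        print(f"ALERT {ip}: expected {want}, cache has {got}")
    for mac, ips in shared.items():
        print(f"WARN  {mac} answers for {', '.join(ips)}")
```

A MAC shared by several IPs is only a lead to investigate, since a host with multiple addresses produces the same pattern; a mismatch against a pinned binding is the stronger signal.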
