security over vlan

Unanswered Question
Apr 23rd, 2007

Are there network packet sniffers that are able to decipher communication even if the target computer is in another VLAN? I mean, if a PC with a packet sniffer is on vlan1, can that user view info on vlan2? The reason I am asking is because I read that VLANs offer security on packet sniffer software. However, from what I understand, these sniffers could only read communication from computers located within the same collision domain. I couldn't understand how it could listen to a PC on a subnet utilizing a switch. So I guess what I am getting at is: the switch itself is added security, and VLANs are no longer necessary unless, of course, there are packet sniffers that could access LAN comm. over a switch.

Thanks in advance for any info anyone could provide regarding this.


VLAN/Router breaks up broadcast domains. Each switch port breaks up a collision domain.

If you turn a packet sniffer on, and you are plugged into a switchport, you will see only broadcast traffic, and traffic destined for you or sent by you.

If you use the packet sniffer on a hub, you will see all of the traffic, as a hub does not learn and build MAC address tables and send traffic only to those that it should. All the ports in a hub make up the same collision domain, while every port in a switch is a collision domain itself.

VLANs add security by breaking the broadcast domain, but I'm not sure how much packet sniffing security they provide over moving from a hub to a switch.
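
The forwarding behaviour described in this reply, as an added example that is not part of the original thread: a toy hub and a toy VLAN-aware learning switch, with a count of which frames reach a sniffer's port in each case. The port numbers, host names used as MAC addresses, VLAN ids and traffic are constructed sample values, and the switch model assumes plain access ports with normal MAC learning.

```python
# Added illustration (constructed ports, MAC names, VLAN ids): hub vs VLAN-aware switch.
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Hub:
    """Repeats every frame out of every port except the one it arrived on."""
    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, src, dst):
        return [p for p in self.ports if p != in_port]

class Switch:
    """Learns source MACs per VLAN; floods only inside the ingress VLAN."""
    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)   # access port -> VLAN id
        self.mac_table = {}                # (vlan, mac) -> port

    def forward(self, in_port, src, dst):
        vlan = self.port_vlan[in_port]
        self.mac_table[(vlan, src)] = in_port          # learn the sender
        out = self.mac_table.get((vlan, dst))
        if dst != BROADCAST and out is not None:
            return [] if out == in_port else [out]     # known unicast: one port
        # Broadcast or not-yet-learned destination: flood within the VLAN only.
        return [p for p, v in self.port_vlan.items() if v == vlan and p != in_port]

def frames_seen(device, sniffer_port, traffic):
    """Return the frames that are delivered to the sniffer's port."""
    return [f for f in traffic if sniffer_port in device.forward(*f)]

# Constructed traffic: (ingress port, src MAC, dst MAC); the sniffer sits on port 4.
TRAFFIC = [
    (1, "A", BROADCAST),   # A's ARP-style broadcast
    (2, "B", "A"),         # B replies to A
    (1, "A", "B"),         # A -> B unicast
    (2, "B", "A"),         # B -> A unicast
    (3, "C", BROADCAST),   # C broadcasts
]

def run():
    hub = frames_seen(Hub([1, 2, 3, 4]), 4, TRAFFIC)
    one_vlan = frames_seen(Switch({1: 1, 2: 1, 3: 1, 4: 1}), 4, TRAFFIC)
    # Same hosts, but A and B moved to VLAN 2; C and the sniffer stay in VLAN 1.
    two_vlans = frames_seen(Switch({1: 2, 2: 2, 3: 1, 4: 1}), 4, TRAFFIC)
    return hub, one_vlan, two_vlans

if __name__ == "__main__":
    for name, seen in zip(("hub", "switch, one VLAN", "switch, two VLANs"), run()):
        print(f"{name}: {len(seen)} frames -> {seen}")
```

On the hub the sniffer's port receives all five frames; on the switch with one VLAN it receives only the two broadcasts; with A and B in a separate VLAN it receives only the broadcast from C, which shares its VLAN.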


