Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

security over vlan

Are there network packet sniffers that are able to decipher communication even if the target computer is in another vlan? I mean if a pc with a packet sniffer is on vlan1, can that user view info on vlan2? The reason i am asking is because i read that vlans offer security on packet sniffer software. However, from what i understand, these sniffers could only read communication from computers located within the same collision domain. I couldn't understand how it could listen to a pc on a subnet utilizing a switch. So i guess what i am getting at is - the switch itself is added security and vlans are no longer necessary unless ofcourse there are packet sniffers that could access lan comm. over a switch.

Thanks in advance for any info anyone could provide regarding this.

New Member

Re: security over vlan

VLAN/Router breaks up broadcast domains. Each switch port breaks up a collision domain.

If you turn a packet sniffer on, and you are plugged into a switchport, you will see only broadcast traffic, and traffic destined for you or sent by you.

If you use the packet sniffer on a hub, you will see all of the traffic, as a hub does not learn and build mac-address-table's, and send traffic only to those that it should. Every port in a hub make up the same collision domain, while every port in a switch is a collision domain itself.

VLAN's add security by breaking the broadcast domain, but I'm not sure how much packet sniffing security they provide over moving from a hub to a switch.