New Member

VLAN traffic

Hello,

Is there a possibility that a machine connected to the network can see all of the traffic which circulates in the VLAN to which it is attached (broadcast, unicast, multicast)?

And is there some freeware tool which can be used for this goal?

4 REPLIES
New Member

Re: VLAN traffic

On the switch you need to enable port spanning so all traffic of the VLAN will be copied to a monitoring port. Look for the specific commands in the documentation of the switch.

As a freeware product to watch the traffic, you could use ethereal (www.ethereal.com).

New Member

Re: VLAN traffic

So, without administrator privilege on the switch to enable port spanning, no one can see the unicast traffic of the VLAN.

thanks.

Purple

Re: VLAN traffic

That is correct, you have to enter the correct IOS commands to make it work.

New Member

Re: VLAN traffic

Actually it is possible for anyone who can connect to a switch port to see all unicast, multicast, and broadcast traffic on a given vlan, without any administrator privileges, using an application such as Ethereal.

You simply have to fill the MAC address table with bogus entries so that the switch cannot learn any of the real MAC addresses in the network. Once this occurs, the switch will flood all traffic (broadcast, multicasts, and unicasts) to every port in the VLAN, because the switch does not "know" where the legitimate addresses are and can no longer "learn" the address locations because the table is full.

This is sometimes referred to as a MAC attack. One way of preventing this is to use port security.

There's some good documentation on this and other potential security risks of switches at the following link:

http://www.cisco.com/networkers/nw03/presos/docs/SEC-2002.pdf

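A defender-side check for the condition described in the last reply, as an added example that is not part of the original thread: it counts dynamically learned MAC addresses per port from `show mac address-table` output and flags ports that have learned far more addresses than an attached host would. The sample table is constructed, and the threshold, the uplink list and the function names are assumptions.

```python
import re
from collections import defaultdict

# One table row: VLAN, MAC in Cisco dotted notation, entry type, port.
ROW = re.compile(
    r"^\s*(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\w+)\s+(\S+)\s*$", re.I)

def macs_per_port(table_text):
    """Map (port, vlan) -> set of dynamically learned MACs."""
    learned = defaultdict(set)
    for line in table_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, separator or summary line
        vlan, mac, kind, port = m.groups()
        if kind.upper() == "DYNAMIC":  # skip statically configured entries
            learned[(port, int(vlan))].add(mac.lower())
    return learned

def suspicious_ports(table_text, max_macs=3, uplinks=()):
    """Return (port, vlan, count) for non-uplink ports above max_macs."""
    return sorted(
        (port, vlan, len(macs))
        for (port, vlan), macs in macs_per_port(table_text).items()
        if port not in uplinks and len(macs) > max_macs)

def build_sample():
    """Constructed sample in the layout of 'show mac address-table'."""
    rows = [
        "          Mac Address Table",
        "-------------------------------------------",
        "Vlan    Mac Address       Type        Ports",
        "----    -----------       --------    -----",
        "  10    0011.2233.4401    DYNAMIC     Gi0/1",
        "  10    0011.2233.4402    DYNAMIC     Gi0/2",
        "  10    0011.2233.4403    DYNAMIC     Gi0/2",
        "  10    0011.2233.44aa    STATIC      Gi0/3",
    ]
    # Uplink (assumed to be Gi0/24): several real hosts sit behind it.
    rows += [f"  10    0011.2233.55{i:02x}    DYNAMIC     Gi0/24" for i in range(5)]
    # One access port that has learned 40 different source addresses.
    rows += [f"  10    0a1b.2c3d.{i:04x}    DYNAMIC     Gi0/7" for i in range(40)]
    rows.append("Total Mac Addresses for this criterion: 49")
    return "\n".join(rows)

if __name__ == "__main__":
    for port, vlan, count in suspicious_ports(build_sample(), uplinks={"Gi0/24"}):
        print(f"{port} vlan {vlan}: {count} dynamic MACs learned")
```

Ports listed in `uplinks` are skipped because a trunk or uplink legitimately learns many addresses; every other port is compared against `max_macs`.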