For those who think switched Ethernet environments are sniff-proof, the author offers this warning. Switches may be difficult to sniff, but they are certainly not immune. As is clear from the above sections, one method of sniffing in a switched environment is using ARP spoofing, and the machine that will most probably be ARP spoofed is the gateway.. . .
For those who think switched Ethernet environments are sniff-proof, the author offers this warning. Switches may be difficult to sniff, but they are certainly not immune. As is clear from the above sections, one method of sniffing in a switched environment is using ARP spoofing, and the machine that will most probably be ARP spoofed is the gateway. One thing that can be done is to add the MAC address of the gateway permanently to your ARP cache. This can be done by giving the -s flag to the arp command. Read more about this on the arp man page. Alternatively, you could use the /etc/ethers file for placing the MAC addresses of the important machines to prevent spoofing of those machines.

The link for this article located at LinuxJournal is no longer available.