[Asterisk-Dev] VoIP Call Sniffer
alex at pilosoft.com
alex at pilosoft.com
Sat Jan 8 23:22:19 MST 2005
On Sun, 9 Jan 2005, Russell Bryant wrote:
> > Not really, no. All you need to do is to flood the switch with more
> > MAC addresses than can be stored in its internal table (2048 addresses
> > for most low-end switches, possibly 65536 addresses on high-end
> > switches) and the switch will automatically switch over to acting like
> > a hub. Note that because the MAC address space is 48-bit, you would
> > need to have approximately 54 Terabytes to store a table of all MAC
> > addresses with their corresponding IP addresses (which would be needed
> > to defeat this attack).
>
> There's ettercap, too ...
And for completeness purposes, there's vomit.
http://vomit.xtdnet.nl/
Vomit requires a tcpdump output file. Vomit is not a VoIP sniffer also it
could be but the naming is probably related to H.323.
-alex
More information about the asterisk-dev
mailing list