Switches are hardware devices for networks that prepares packets to be sent to a router(or possibly another kind of network device). In doing so, they separate the data into ethernet segments. For many years it had been the belief that this protected systems on separate ethernet segments from having their transmissions sniffed. While physical network architecture plays a large part on how much traffic can be intercepted, it is generally the case that if a computer is connected to the switch, and forges ARP(Address Resolution Protocol) replies of the network's gateway it can sniff traffic across ethernet segments, thus dissolving the age-old myth.

For proof of concept, look at dugsong's utility arpredirect, at

Another proof of concept of ARP-spoofing causing the ability to sniff traffic is ettercap. This utility allows an unprecedented level of ability to listen and inject network traffic.

The default behaviour of Ettercap is as follows:
It first ARP-storms the local subnet it is run off of, gathering MAC addresses of all hosts on the subnet.
It then uses an NMAP-style OS-detection and gathers all of the information for the subnet into a large list.
At this point, the user is left with the selection of a source and destination address to sniff traffic off of.

Ettercap found here:

Keep in mind that many network admins don't like it if you do this sort of thing without permission, so ask first.

Log in or register to write something here or to contact authors.