![]() ![]() Once a device starts an ARP Poisoning process or sniffing (actively) the port will shutdown (or other chosen action policy). Using the “mac-address sticky” option you will reduce efforts for managing mac address table on each port, while “mac-address maximum 2” will grant that no more than 2 MAC addresses can be applied on that port. This will give you the MAC and the origin port it was received on. Once someone asks you to disable a device, you can match the IP address with its MAC address and disable the port you need.Īlso you can prevent users from “sniffing” the network by using the “protected port” feature given by Cisco Catalysts. Note: The server should have tcpdump installed to use this. This command will show the internal MAC address-table of the switch or router that you are on. ![]() I would suggest you to do a map of the layer 2 of your network using some simple tool (nmap with -sP option to do a ping sweep of the entire subnet) and gathering the whole information in an Excel file (or equivalent). A MAC address table is built using the MAC source addresses of the frames received. When the destination station replies, the switch adds its relevant MAC source address and port ID to the address table. Also, from a security point of view, a portscan action can be done using a spoofed IP address, so the information given is unreliable. Since the switch is working at Layer 2 of the OSI model, you cannot associate an IP address on a port, but only a MAC address and the port it is connected. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |