Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [PEN-TEST] ios/cisco packet sniffer...

From: "van der Kooij, Hugo" <Hugo.van.der.Kooij () CAIW NL>
Date: Sat, 25 Nov 2000 10:09:47 +0100
On Fri, 24 Nov 2000, Joe Hacker wrote:


I couldn't see this in the thread, only a bunch of links to various pages,
and since I
am off-line at the moment (and probably WAAAY behind reading this...), I
leave it
to the moderator to approve the post.

One good way to do a packet dump on a Cisco is:

      router(config)#access-list 199 permit ip <source> <mask> <destination> <mask>
      router(config)#access-list 199 permit ip <destination> <mask> <source> <mask>
      router(config)#end
      router# debug ip packet 199 dump

E.g.

      access-list 199 permit ip host 192.168.0.1 any
      access-list 199 permit ip any host 192.168.0.1

Will dump packets destined to and from 192.168.0.1.

I included the list, since debugging at packet level can cause the router
to reload if there is a lot
of traffic.


Don't use it too liberal. Your router is now left for DoS attack. Unless
you have a high CPU vs bandwidhth ratio a simple portscan will render your
router useless. (Customer thought he was smart. However I shot his router
straight out of the sky the moment I started a noisy test.)

Hugo.




--
Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ  Maasland
hvdkooij () caiw nl     http://home.kabelfoon.nl/~hvdkooij/
--------------------------------------------------------------
This message has not been checked and may contain harmfull content.
Previous By Date Next
Previous By Thread Next

Current thread: