Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [PEN-TEST] ios/cisco packet sniffer...

From: batz <batsy () VAPOUR NET>
Date: Wed, 1 Nov 2000 05:06:39 -0500
On Tue, 31 Oct 2000, Ryan Russell wrote:

:Second, I think it would be possible to do a combination of tunnels and
:maybe NAT to re-route traffic elsewhere in the world for monitoring, and
:then back again.  Obviously this will cause a big performance hit if the
:monitor is far away, network-wise, but for store-and-forward things like
:mail, it probably wouldn't be noticed right away.  You should be able to
:use policy-based routing to select which types of traffic (ports) you want
:to redirect.

Try http://www.nanog.org/mtg-9910/robert.html for an overview of
how a system like this would work. The last issue of Phrack had
something like that in the article 'things to do in ciscoland when
you are dead.'

The main thing for sniffing using routers and switches is mirroring
ports, or vlans onto a segment you have your sniffer running on.
Some IP based stuff can be done with GRE tunnels, static routes,
and some kung-fu, which I think is in that phrack article..



--
batz
Reluctant Ninja
Defective Technologies
Previous By Date Next
Previous By Thread Next

Current thread: