RE: Sniffing A VPN Router

["Conlan Adams" <conlan () midwesteyebanks org>]

I am assuming your plugging directly into the switch on it correct?

Here's an option, uplink it to a hub (yes a hub) connect any of the
connections going into it into said hub, and plug yourself into the hub.
Proceed to sniff.  Switches work on virtual connections, i.e. your
computer has a virtual connection to whatever else it wants to talk to,
and you don't see the other stuff going on.  Hubs are party lines, every
one sees everything, but ignores whats not for it.

This is why I keep hubs around even today.

-----Original Message-----
From: Jason T. Hallahan [mailto:jthallah () gmail com] 
Sent: Friday, May 05, 2006 3:33 PM
To: security-basics () securityfocus com
Subject: Sniffing A VPN Router

Hello and good day,

I have a Linksys RV016 VPN Router which I am trying to sniff. I would
like to see all of the traffic using Ethereal (or a similar program),
but right now I can only see Broadcast and Multicast traffic, as well
as Unicast to and from my local machine. I have tried plugging into
the uplink port which I hear sometimes works, but does not in this
case. Also, this router has no options to mirror or span ports, which
I guess would have been another solution. Other than replacing this
router with a hub (possible since it is for a dedicated LAN, i.e. no
WAN connection), is there a way for me to sniff all traffic directed
over all ports of this router? Is there a way I can do it with VLANs?
Is there a tool better than Ethereal or one designed for this purpose?

Thank you for your time!

- Jason